Assurance Coursebook: Malawi Accounting Technician Diploma
advertisement
ASSURANCE CHARTERED ACCOUNTANT MALAWI MALAW ASSURANCE THE INSTITUTE OF I CHARTERED ACCOUNTANTS IN MALAWI N T KNOWLEDGE LEVEL ‘January 2014 TAXATION (TC10(B) TECHNICIAN DIPLOMA IN ACCOUNTING PUBLIC ACCOUNTANTS EXAMINATION COUNCIL OF MALAWI ASSURANCE P.O. Box 1 Blantyre E-mail: icam@icam.mw www.icam.mw ISBN: 978-99960-9-733-1 All rights reserved. No part of this book may be reproduced or transmitted in any form or by any meansgraphic, electronic or mechanical including photocopying, recording, taping or information storage and retrieval systems-without the written permission of the copyright holder. Design PRISM Consultants prismmw@gmail.com ASSURANCE PREFACE INTRODUCTION The Institute noted a number of difficulties faced by students when preparing for the Institute’s examinations. One of the difficulties has been the unavailability of study manuals specifically written for the Institute’s examinations. In the past students have relied on text books which were not tailor-made for the Institute’s examinations and the Malawian environment. AIM OF THE MANUALS The manual has been developed in order to provide resources that will help the Institute’s students attain the needed skills. It is therefore recommended that each student should have their own copy. HOW TO USE THE MANUAL Students are being advised to read chapter by chapter since subsequent work often builds on topics covered earlier. Students should also attempt questions at the end of the chapter to test their understanding. The manual will also be supported with a number of resources which students should keep checking on the ICAM website. ASSURANCE CONTENTS SECTION A: INTRODUCTION TO ASSURANCE .........................................................1 Chapter 1: Nature and need for Assurance ..............................................................................2 Chapter 2: Assurance Process ..................................................................................................10 Chapter 3: Legal and Professional Framework ........................................................................25 Chapter 4: Internal and External Auditing ...............................................................................40 SECTION B: ASSURANCE IN PRACTICE ..................................................................... 53 Chapter 5: Financial Statements: Audit Planning ................................................................... 54 Chapter 6: Financial Statements: Substantive Procedures in the Audit of key Financial Statement figures ...................................................................................................................................... 115 Chapter 7: Financial Statements: Audit Review and Finalisation……....…………………….156 Chapter 8: Financial Statements: Reporting ............................................................................ 171 Chapter 9: Prospective Financial Information ......................................................................... 185 Chapter 10: Risk Management................................................................................................. 193 Chapter 11: Corporate Governance ......................................................................................... 200 Chapter 12: Internal Controls .................................................................................................. 213 Chapter 13: Environmental Audit ........................................................................................... 238 Chapter 14: Value for Money Audits ...................................................................................... 265 SECTION C: PERSONAL AND PROFESSIONAL ETHICS ..........................................273 Chapter 15: Introduction to Ethics .......................................................................................... 274 Chapter 16: Personal Ethics .....................................................................................................287 Chapter 17: Code of Ethics.......................................................................................................301 ANSWERS TO END OF CHAPTER QUESTIONS ..........................................................336 ii ASSURANCE P5: ASSURANCE AIM OF THE COURSE To develop candidates’ knowledge and skills of assurance and fundamental principles of personal and professional ethics, and are able to apply them in the assurance process within the context of regulatory framework. OBJECTIVES On completion of this module, candidates should be able to: Explain the meaning of assurance, its importance and the need for assurance engagements being carried out by appropriately qualified professionals; Describe the nature of subject matters where assurance may be provided and explain how an assurance process can be executed on such subject matters; and Explain the importance of personal and professional ethics as a provider of assurance services. FORMAT AND STANDARD OF THE EXAMINATION PAPER The examination paper for the P5 Assurance module will comprise five compulsory questions. Each question will carry 20 marks. SPECIFICATION GRID This grid shows the relative weightings of sections within this course. Marks available in the examination assessment will roughly equate to the weightings below, although slight variations may occur in individual sections assessments to enable suitably rigorous questions to be set. Syllabus Area Weightings % Introduction to Assurance 20 Assurance in Practice 50 Personal and Professional Ethics 30 Total 100 iii ASSURANCE LEARNING OUTCOMES The course syllabus seeks to accomplish the following learning outcomes: Section 1: Introduction to Assurance Candidates will be able to explain the meaning of assurance, its importance and the need for assurance engagements being carried out by appropriately qualified professionals. In the assessment, candidates may be required to: a. define the concept of assurance; b. state the purpose of assurance report; c. provide benefits gained from and limitations of an assurance; d. compare the roles and characteristics of different parties involved in assurance engagement; e. identify and compare purpose and characteristics of, and levels of assurance obtained from, different assurance engagements; f. define the concept of reasonable assurance; g. define the assurance process which includes: obtaining engagement, planning, determination of scope of work and obtaining evidence. h. compare different methods of obtaining evidence; i. recognize the strength and weaknesses of different methods of obtaining evidence; j. select the appropriate methods of obtaining evidence from the test of controls and substantive testing procedures for a given subject matter; k. recognizing issues arising whilst gathering assurance evidence that should be referred to senior colleague; l. identify the circumstances in which written confirmation of representations from management should be sought and the reliability of such confirmation as a form of assurance evidence; These two have not been captured on the chapter, have they been covered in the text or we should remove them? m. identify the roles of regulation and guidelines in engagements; n. discuss auditors appointment, rights, duties, remuneration and removal or resignation; o. Discuss the law of contract and how it can affect an assurance engagement; p. explain the different perspectives in which a professional accountant would provide assurance services; and q. distinguish the role of an internal auditor from that of an external auditor in the provision of assurance services. iv ASSURANCE Section 2: Assurance in Practice Candidates will be able to describe the nature of subject matters where assurance may be provided and explain how an assurance process can be executed on such subject matters. In assessment, candidates may be required to: a. define and explain the key planning considerations of materiality, audit risk, impact of IT on audit planning; b. describe and prepare an audit strategy, understand different strategies to conduct the audit: risk based, systems based and controls based audit approaches; c. explain the procedures required to execute and report on an audit assurance assignment and describe the methods used to obtain evidence; d. understand and apply relevant auditing and reporting standards (ISA’s and IFRS) in relation to the audit of different financial statement sections; e. explain the importance of audit documentation; f. understand the audit reporting process and its key considerations; g. define prospective financial information (PFI); h. explain the key considerations when accepting a PFI engagement; i. describe the procedures used in the examination of PFI; j. explain the reporting process and assurance levels given in a PFI engagement; k. describe the risk management framework; l. explain the importance of risk management in the achievement of corporate goals; m. describe the process that would enable a professional accountant provide assurance on effectiveness of risk management; n. define corporate governance; o. explain the key principles to corporate governance systems; p. describe elements of corporate governance; q. describe the provisions of the Malawi code of corporate governance; r. explain the importance of corporate governance; s. describe the roles of the board, management and shareowners; t. explain the procedures required to plan, execute and report on a corporate governance assurance assignment; u. explain the role of internal controls within the entity; v. describe the five components of internal controls; w. identify and document an organisation’s internal controls (both manual and IT environment); x. explain preventative, detective and corrective controls; y. explain test of controls; z. discuss the inherent limitations of internal controls; aa. define environmental audit; bb. describe and assess the social and environmental effects that economic activity can have (in terms of social and environmental ‘footprints' and environmental reporting); cc. explain and assess the concept of sustainability and evaluate the issues concerning accounting for sustainability (including the contribution of 'full cost' accounting); dd. describe the main features of internal management systems underpinning environmental accounting such as EMAS and ISO 14000; ee. explain and assess the typical contents of a social and environmental report, and discuss the usefulness of this information to stakeholders; ff. explain the nature of social and environmental audit and evaluate the contribution it can make to the development of environmental accounting; gg. define value for money; v ASSURANCE hh. explain the meaning of economy, efficiency and effectiveness; ii. apply value for money in the human resources and procurement functions of a company; and jj. explain the procedures required to plan, execute and report on procurement and human resource assurance assignments. Section 3: Personal and Professional Ethics Candidates will be able to explain the importance of personal and professional ethics as a provider of assurance services. In the assessment, candidates may be required to: a. define ethics; b. describe the situations that pose ethical dilemmas; c. explain and analyse the content and nature of ethical decision-making using content from Kohlberg's framework as appropriate, AAA model and Tucker’s 5 question model; d. explain and analyse issues related to the application of ethical behaviour in a professional context; e. describe and discuss 'rules based' and 'principles based approaches to resolving ethical dilemmas encountered in professional accounting; f. explain the areas of behaviour covered by corporate codes of ethics; g. describe and assess the content of, and principles behind, professional codes of ethics; h. describe and assess the codes of ethics relevant to accounting professionals such as IFAC and ICAM. vi ASSURANCE SECTION A: INTRODUCTION TO ASSURANCE 1 ASSURANCE CHAPTER 1: NATURE AND NEED FOR ASSURANCE Topic List 1. Introduction; 2. Definition of assurance; 3. Elements of an assurance; 4. Importance of an assurance; 5. Examples of assurance services; 6. Limitations of an assurance service; 7. Levels of assurance; 8. Expectation Gap; 9. Chapter summary; and 10. End of chapter questions. Learning Outcomes By the end of this chapter students should be able to: define the concept of assurance; state the purpose of assurance report; provide benefits gained from an assurance; compare the roles and characteristics of different parties involved in assurance engagement; identify and compare purpose and characteristics of, and levels of assurance obtained from, different assurance engagements; define the concept of reasonable assurance; and discuss the benefits and limitations of assurance. 2 ASSURANCE 1. Introduction This chapter contains essential underlying knowledge about an assurance service, we will start by defining an assurance service, look at the importance of an assurance service, provide some examples of assurance services and finally discuss different level of assurance that can be obtained. 2. Definitions An assurance service/engagement can be defined as one in which a practitioner expresses a conclusion, designed to enhance the degree of confidence of the intended users, other than the responsible party, about the outcome of the evaluation or measurement of a subject matter against criteria. International framework for assurance engagement define an assurance engagement as one in which a professional accountant evaluates subject matter that is the responsibility of another party using identified suitable criteria and expresses a conclusion that provides the intended user with level of comfort about the subject matter. In brief, in an assurance engagement, an assurance firm is engaged by one party to give an opinion on a piece of information that has been prepared by another party. Please take note that the name assurance service is used to describe a broad range of information enhancement services that may be provided by a professional accountant. 3. Key elements of an assurance engagement An assurance engagement has five elements:3.1 Three people or groups The practitioner. The responsible party. The intended users. 3.2 A subject matter As we shall see below, the subject matter of an assurance engagement may vary considerably. However, it is likely to fall into one of three categories: Data (for example, financial statements or business projections) Systems or processes (for example, internal control systems or computer systems) Behaviour (for example, social and environmental performance or corporate governance) 3.3 Suitable Criteria Criteria are standards or benchmarks that are used to evaluate the subject matter of the engagement. Criteria are important in reporting the practitioners’ conclusion to the users because they convey the basis on which conclusion was formed (for example for an assurance engagement of financial statements, the criteria might be the accounting standard). 3 ASSURANCE The practitioner will be able to test whether the financial statements have been prepared in accordance with accounting standards, and if they have the practitioner can conclude that there is a degree of assurance that are reliable. 3.4 Sufficient appropriate evidence to support the assurance opinion The practitioner must substantiate the opinion that he draws in order that the user can have confidence that it is reliable. The practitioner must obtain evidence as to whether the criteria have been met. 3.5 Written assurance report in appropriate format It is required that assurance reports are provided to the intended users in a written form and contain certain specified information. This adds to the assurance that the user is being given, as it ensures that key information is being given and that the assurance given is clear. Practitioner The term “practitioner” as used in this Framework is broader than the term “auditor” as used in ISAs and ISREs. A practitioner may be requested to perform assurance engagements on a wide range of subject matters. Some subject matters may require specialised skills and knowledge beyond those ordinarily possessed by an individual practitioner. Responsible party The responsible party is the person (or persons) who: In a direct reporting engagement, is responsible for the subject matter; or In an assertion-based engagement, is responsible for the subject matter information (the assertion), and may be responsible for the subject matter. Examples An example of when the responsible party is responsible for both the subject matter information and the subject matter is when an entity engages a practitioner to perform an assurance engagement regarding a report it has prepared about its own sustainability practices. An example of when the responsible party is responsible for the subject matter information but not the subject matter is when a government organization engages a practitioner to perform an assurance engagement regarding a report about a private company’s sustainability practices that the organization has prepared and is to distribute to intended users. The responsible party may or may not be the party who engages the practitioner (the engaging party). Intended Users The intended users are the person, persons or class of persons for whom the practitioner prepares the assurance report. The responsible party can be one of the intended users, but not the only one. Whenever practical, the assurance report is addressed to all the intended users, but in some cases there may be other intended users. 4 ASSURANCE The practitioner may not be able to identify all those who will read the assurance report, particularly where there are a lot of users who have access to it. In such cases, particularly where possible readers are likely to have a broad range of interests in the subject matter, intended users may be limited to major stakeholders with significant and common interests. Intended users may be identified in different ways, for example, by agreement between the practitioner and the responsible party or engaging party, or by law. Subject matter The subject matter, and subject matter information, of an assurance engagement can take many forms, such as: Financial performance or conditions (for example, historical or prospective financial position, financial performance and cash flows) for which the subject matter information may be the recognition, measurement, presentation and disclosure represented in financial statements. Non-financial performance or conditions (for example, performance of an entity) for which the subject matter information may be key indicators of efficiency and effectiveness. Physical characteristics (for example, capacity of a facility) for which the subject matter information may be a specifications document. Systems and processes (for example, an entity’s internal control or IT system) for which the subject matter information may be an assertion about effectiveness. Behaviour (for example, corporate governance, compliance with regulation, human resource practices) for which the subject matter information may be a statement of compliance or a statement of effectiveness. Subject matters have different characteristics, including the degree to which information about them is qualitative versus quantitative, objective versus subjective, historical versus prospective, and relates to a point in time or covers a period. Such characteristics affect the: Precision with which the subject matter can be evaluated or measured against criteria; and The persuasiveness of available evidence. The assurance report notes characteristics of particular relevance to the intended users. An appropriate subject matter is: i. ii. Identifiable, and capable of consistent evaluation or measurement against the identified criteria; and. Such that the information about it can be subjected to procedures for gathering sufficient appropriate evidence to support a reasonable assurance or limited assurance conclusion, as appropriate. 5 ASSURANCE Worked example: Assurance service. Company X engaged the services of KM Auditors to carry out due diligence (review of financial statement, review of tax affairs and review of going concern) for the respective purchase of company Y. In the example above the elements of assurance are: Practitioner: KM Auditors Responsible party: Y Users: X Subject Matter; Due diligent, viability of company Y Criteria: compliance to company’s Act, Compliance to taxation Act, internal controls and review of going concern 4. Why is assurance important? The main purpose of an assurance is to provide comfort on the subject matter, an assurance may also have the following benefits: An assurance provides an independent, professional verification on the subject matter. It may give additional confidence to other parties ( for example the audit report may give confidence to other users such as banks). The availability of independent checks may prevent errors, or fraud to be committed and also reduce the risk of management bias. It ensures that high quality, reliable information exist within an organization, leading to investor increased trust and confidence in the company’s information. It helps boost stakeholders’ perception toward the organization’s attitude towards the environment and its stakeholders. (increasing publishing of information on emission targets or pledge not employ children, In cases where information deficiencies exist, an assurance report draws attention to the deficiencies in that information so that users are aware of what the deficiencies are. 5. Other examples of assurance engagements The key example of an assurance engagement in Malawi is a statutory audit. We shall look briefly at the nature of this engagement in the next section. Other examples of assurance engagements include other audits, which may be specialised due to the nature of the business, for example: Value for money Audits Circulation reports (for example, for magazines) Cost/benefit reports Due diligence (where a report is requested on an acquisition target) Reviews of specialist business activities Internal audit Inventories and receivables reports Internal control reports 6 ASSURANCE Reports on business plans or projection 6. Limitations of an assurance service A key issue for accountants is that there are limitations to assurance services, and therefore there is always a risk involved that the wrong conclusion will be drawn. The limitations of assurance services include: The practitioners do not oversee the process of building the subject matter from start to finish. The subject matter systems on which assurance providers may place a degree of reliance also have inherent limitations. Most assurance evidence is persuasive rather than conclusive. The assurance providers would not test every item in the subject matter (this would be prohibitively expensive for the responsible party), so a sampling approach is used. The client's staff members may collude in fraud that can then be deliberately hidden from the practitioner or misrepresent matters to them for the same purpose. Assurance provision can be subjective and professional judgements have to be made (for example, about what aspects of the subject matter are the most important, how much evidence to obtain, etc). Assurance providers rely on the responsible party and its staff to provide correct information, which in some cases may be impossible to verify by other means. Some items in the subject matter may be estimates and are therefore uncertain. It is impossible to conclude absolutely that judgemental estimates are correct. The nature of the assurance report might itself be limiting, as every judgement and conclusion the assurance provider has drawn cannot be included in it. 7. Level of Assurance The definition of an assurance engagement given above is taken from the International Framework for Assurance Engagements, which is issued by the International Federation of Accountants (IFAC), a global organisation for the accountancy profession, which works with its member organisations to protect the public interest by encouraging high quality practices around the world and ICAM is a member of IFAC. The Framework identifies two types of assurance engagement: 7.1 Reasonable assurance: A reasonable assurance is a high level of assurance that is less than absolute assurance, that engagement risk has been reduced to an acceptable low level, which then allows a conclusion to be expressed positively. A reasonable assurance engagement involves: An understanding of the underlying subject matter and other engagement circumstances, identifying and assessing the risks of material misstatement in the subject matter information; 7 ASSURANCE Designing and performing procedures to respond to the assessed risks and to obtain reasonable assurance to support the practitioner's conclusion; and Evaluating the sufficiency and appropriateness of the evidence obtained in the context of the engagement and, if necessary in the circumstances, attempting to obtain further evidence. 7.2 Limited assurance: A meaningful level of assurance that is more than inconsequential but is less than reasonable assurance, that engagement risk has been reduced to an acceptable level, which then allows a conclusion to be expressed negatively. Negative assurance is when an auditor gives an assurance that nothing has come to his attention which indicates that the financial statements have not been prepared according to the framework. In other words, he gives his assurance in the absence of any evidence to the contrary. 7.2.1 A limited assurance engagement involves: An understanding of the underlying subject matter and other engagement circumstances, identifying areas where a material misstatement of the subject matter information is likely to arise; Designing and performing procedures to address those areas and to obtain limited assurance to support the practitioner's conclusion; and If the practitioner becomes aware of a matter(s) that causes the practitioner to believe the subject matter information may be materially misstated, designing and performing additional procedures to obtain further evidence. Assurance type Reasonable Assurance level High Limited Moderate Opinion/Conclusion Example Positive Audit of financial information Negative Review of financial information 8. Expectations gap There is much confusion in the investing public’s mind about the true nature of assurance that service providers express in their reports. This is often because users are not aware of the nature of the limitations on assurance provision, or do not understand them and believe that the assurance provider is offering a service (such as a guarantee of correctness) which in fact he is not. The distinction between reasonable and limited assurance may also be misunderstood by users. Steps that can be taken to reduce the gap between public expectations and audit performance include: improve assurance service providers’ performance educate the public 8 ASSURANCE 9. Chapter Summary An assurance engagement is where one party is engaged, to give an opinion, on a piece of information that has been prepared by another party. An assurance has five major element namely, three party relationship, subject matter, suitable criteria, sufficient appropriate evidence and a written report. Some benefits of an assurance are independence professional opinion, additional confidence to other users and it is a deterrent to error /fraud. 10. End of chapter question 1. Accountants are frequently required to provide assurance for a range of non-audit engagements. Required: (a) State the five elements of an assurance engagement (b) Give reasons why it is not appropriate to give a reasonable assurance 2. Mention the benefits of an assurance service? 9 ASSURANCE CHAPTER 2: ASSURANCE PROCESS Topic List 1. Introduction; 2. Assurance Process; 3. Accepting an engagement; 4. Planning; 5. Engagement Strategy and plan; 6. Evidence; 7. Materiality; 8. Audit risk; 9. Nature, timing and extent of engagement procedures; 10. Financial statement assertions; 11. Documentation; 12. Assurance report; 13. Chapter summary; and 14. End of chapter questions. Learning Outcomes By the end of this chapter students should be able to: define the assurance process which includes: obtaining engagement, planning, determination of scope of work and obtaining evidence; compare different methods of obtaining evidence; recognize the strength and weaknesses of different methods of obtaining evidence; select the appropriate methods of obtaining evidence from the test of controls and substantive testing procedures for a given subject matter. 10 ASSURANCE 1. Introduction In this chapter we will look at how an assurance engagement is obtained, assurance evidence, materiality, documentation and some different examples of assurance reports. In this chapter an audit has been used as an assurance engagement example, however take note some of the procedures listed may apply to other assurance engagements. 2. The Assurance Process Accountants are often invited to tender for particular engagements, which mean that they offer a quote for services, outlining the benefits of their firm and personnel, usually in competition with other firms which are tendering at the same time. Section 210 of the IFAC Code of Ethics sets out the rules under which accountants should accept new appointments. Before a new client is accepted, the professional accountant must determine whether there is any independence or other ethical issues likely to cause significant problems with the ethical code. 3. Accepting an engagement Key acceptance guidelines for an audit engagement- in accordance with ISA 210. Before accepting a new client relationship, a professional accountant in public practice shall determine whether acceptance would create any threats to compliance with the fundamental principles. The professional accountant must: Ensure the firm is independent Ensure the firm is competent Ensure firm’s resources are adequate to service client’s needs i.e. adequate staff, expertise and time. Obtain references in respect of new client. Assess the risk attaching to the client. Communicate with present auditor (if it is an audit engagement) Rules of Professional Conduct Statement when there are 'Changes in a professional appointment. Obtain client’s permission to communicate with present auditor. If refused decline nomination. If permission granted, write to auditor requesting information which may help to decide whether to accept nomination Present auditor receiving request should. request client’s permission to freely discuss affair. if refused inform proposed new auditor (who should decline nomination). discuss freely all relevant matters if permission granted by client. 11 ASSURANCE After accepting nomination Ensure outgoing auditor’s removal/resignation properly conducted in accordance with national regulations. Ensure new appointment is properly conducted. Send out an Engagement Letter to the directors Engagement Acceptance The fundamental principle of professional competence and due care imposes an obligation on a professional accountant in public practice to provide only those services that the professional accountant in public practice is competent to perform. Before accepting a specific client engagement, a professional accountant in public practice shall determine whether acceptance would create any threats to compliance with the fundamental principles. For example, a self-interest threat to professional competence and due care is created if the engagement team does not possess, or cannot acquire, the competencies necessary to properly carry out the engagement. A professional accountant in public practice shall evaluate the significance of threats and apply safeguards, when necessary, to eliminate them or reduce them to an acceptable level. Examples of such safeguards include: Acquiring an appropriate understanding of the nature of the client’s business, the complexity of its operations, the specific requirements of the engagement and the purpose, nature and scope of the work to be performed; Acquiring knowledge of relevant industries or subject matters; Possessing or obtaining experience with relevant regulatory or reporting requirements; Assigning sufficient staff with the necessary competencies; Using experts where necessary; Agreeing on a realistic time frame for the performance of the engagement; or Complying with quality control policies and procedures designed to provide reasonable assurance that specific engagements are accepted only when they can be performed competently. 12 ASSURANCE The nominee practitioner must carry out the following procedures. Ensure professionally qualified to act Consider whether disqualified on legal or ethical grounds, for example if there would be a conflict of interest with another client. We will look in more detail at ethical issues later in this Study manual. Ensure existing resources adequate Consider available time, staff and technical expertise. Obtain references Make independent personally known. Communicate with present auditors Enquire whether there are reasons/circumstances behind the change which the new auditors ought to know, also as a matter of courtesy. enquiries if directors not Some of the basic factors for consideration are given below. The integrity of those managing a company will be of great importance, particularly if the company is controlled by one or a few dominant personalities. The assurance engagement firm will also consider whether the client is likely to be high or low risk to the firm in terms of being able to draw an appropriate assurance conclusion in relation to that client. The following table contrasts low and high risk clients. Low risk High risk Good long-term prospects Poor recent or forecast performance Well-financed Likely lack of finance Strong internal controls Significant control weaknesses Conservative, prudent accounting policies Evidence of questionable integrity, doubtful accounting policies Competent, honest management Lack of integrity among top management Few unusual transactions Significant unexplained transactions or transactions with connected companies Where the risk level of a company’s assurance engagement is determined as anything other than low, then the specific risks should be identified and documented. It might be necessary 13 ASSURANCE to assign specialists in response to these risks, particularly industry specialists, as independent reviewers. Some assurance engagement firms have procedures for closely monitoring engagements which have been accepted, but which are considered high risk. Sources of information about new clients Enquiries of other sources Bankers, solicitors Review of documents eg Most recent annual accounts, listing particulars, credit rating Previous accountants/auditors Previous auditors should be invited to disclose fully all relevant information Review of rules and standards Consider specific laws/standards that relate to industry Example: Agreeing terms of an engagement- in an Audit engagement Terms of an audit engagement. The auditor and the client should agree on the terms of the engagement, which need to be recorded in an audit engagement letter or other suitable form of contract. This contract should be in writing. The engagement letter documents and confirms the auditor’s acceptance of the appointment, the objective and scope of the audit, the extent of the auditor’s responsibilities to the client and the form of any reports. When other services such as tax, accounting or management advisory services are to be provided, separate letters may be appropriate. The auditor should regularly review the terms of engagement and if appropriate issue a new engagement letter or agree any updates in writing (if a change in management, professional standards or services provided). Principal contents of an engagement letter: a. Objective of the audit of financial statements b. Management’s responsibility for the financial statements c. The scope of the audit, including reference to applicable legislation, regulations, or pronouncements of professional bodies to which the auditor adheres. d. The form of any reports or other communication of results of the engagement. e. The fact that because of the test nature and other inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that even some material misstatement may remain undiscovered. f. Unrestricted access to whatever records, documentation and other information requested in connection with the audit. Additional contents include: Arrangements regarding the planning and performance of the audit. Expectation of receiving a management representation letter Request to confirm terms by acknowledging receipt of engagement letter. Description of any other letter or reports the auditor expects to issue to the client. The basis on which fees are computed and any billing arrangements. 4. Expectations gap 14 ASSURANCE The need for planning The practitioner should plan the engagement work so that the engagement should be performed in an effective manner. Planning' entails developing a general strategy and a detailed approach for the expected nature, timing and extent of an assurance engagement. The form and nature of planning is affected by i. Size of the entity ii. Complexity of the assurance engagement iii. Practitioner’s experience with the entity iv. Knowledge of the business. v. Commercial environment vi. Method of processing transactions vii. Reporting requirements Objectives of planning a. Ensuring that appropriate attention is devoted to important areas of the assignment. b. Ensuring that potential problems are identified. c. Ensuring that the work is completed expeditiously. d. Proper assignment of work to assistants. e. Coordination of work done by other auditors and experts; and f. Facilitating review. 5. The engagement strategy and the engagement plan Below are the steps engaged in coming up with an engagement Plan and strategy (detailed engagement strategy and plan have been explained in later chapters):Step 1 Ensuring that ethical requirements continue to be met. Step 2 Ensuring the terms of the engagement are understood Step 3 Establishing the overall engagement strategy. Identifying the relevant characteristics of the engagement, such as the reporting framework used as this will set the scope for the engagement. Discovering key dates for reporting and other communications. Determining materiality, preliminary risk assessment, whether. Consideration of ‘team members’ available, their skills and how and when they are to be used, for example particular skills for high risk areas. In addition, appropriate levels of staff are required to facilitate direction, supervision and review of more junior team members’ work. Developing an engagement plan including risk assessment procedures, assurance tests and any other procedures necessary to comply with International Standards on Auditing (ISAs)/ International Standards on Assurance Engagements (ISAEs) Step 4 The engagement plan and any significant changes to it during the assurance engagement must be documented.( refer to chapter 5). 15 ASSURANCE 6. Evidence Evidence includes both the information contained within the accounting records underlying the financial statements, and other information gathered by the practitioner, such as confirmations from third parties. Practitioners are not expected to look at all the information that might exist. They will often perform their testing on a sample basis. Tests of controls: Procedures designed to evaluate the operating effectiveness of controls in preventing, or detecting and correcting material misstatements at the assertion level. Substantive procedures: procedures designed to detect material misstatements at the assertion level. Substantive procedures comprise: Tests of detail (of classes of transactions, account balances and disclosures). Substantive analytical procedures. Professional Skepticism Professional skepticism is an attitude that includes being alert to, for example: i. ii. iii. iv. Evidence that is inconsistent with other evidence obtained; Information that calls into question the reliability of documents and responses to inquiries to be used as evidence; Circumstances that suggest the need for procedures in addition to those required by relevant ISAEs or ISAs and Conditions that may indicate likely misstatement. Maintaining professional skepticism throughout the engagement is necessary to reduce the risk of: i. Overlooking unusual circumstances; ii. Over generalising when drawing conclusions from observations; and iii. Using inappropriate assumptions in determining the nature, timing and extent of procedures and evaluating the results thereof. Professional Judgement Professional judgement is essential to the proper conduct of an assurance engagement. This is because interpretation of relevant ethical requirements and relevant ISAEs or ISAs and the informed decisions required throughout the engagement cannot be made without the application of relevant training, knowledge and experience to the facts and circumstances. Professional judgement is necessary in particular regarding decisions about: Materiality and engagement risk. The nature, timing, and extent of procedures used to meet the requirements of relevant ISAs and ISAEs to obtain evidence. Evaluating whether sufficient appropriate evidence has been obtained, and whether more needs to be done to achieve the objectives of relevant ISAs/ISAEs. The appropriate conclusions to draw based on the evidence obtained. Sufficiency and Appropriateness of Evidence The sufficiency and appropriateness of evidence are interrelated. Sufficiency is the measure of the quantity of evidence. The quantity of evidence needed is affected by the risks of the subject matter information being materially misstated (the higher the risks, the more evidence is likely to be required) and also by the quality of such evidence (the higher the quality, the less may be required). 16 ASSURANCE Evidence is more reliable when it is obtained from sources outside the appropriate party (ies). i. Evidence that is generated internally is more reliable when the related controls are effective. ii. Evidence obtained directly by the practitioner (for example, observation of the application of a control) is more reliable than evidence obtained indirectly or by inference (for example, inquiry about the application of a control). iii. Evidence is more reliable when it exists in documentary form, whether paper, electronic, or other media (for example, a contemporaneously written record of a meeting is ordinarily more reliable than a subsequent oral representation of what was discussed). iv. Evidence obtained from external sources is more reliable than that obtained from the entity’s records v. Original documents are more reliable than photocopies of facsimiles. 7. Materiality The concept of materiality relates to items that are significant to the users of the subject matter. An item is said to be material if it can influence the decision of users or decision makers of the subject matter. Materiality is therefore an expression of the relative significance or importance of a particular matter Misstatements, including omissions, are considered to be material if they, individually or in the aggregate, could reasonably be expected to influence relevant decisions of intended users taken on the basis of the subject matter information. The practitioner's consideration of materiality is a matter of professional judgment, and is affected by the practitioner's perception of the common information needs of intended users as a group. Materiality is relevant when planning and performing the assurance engagement, including when determining the nature, timing and extent of procedures, and when evaluating whether the subject matter information is free of misstatement. Professional judgments about materiality are made in light of surrounding circumstances, but are not affected by the level of assurance, that is, for the same intended users and purpose, materiality for a reasonable assurance engagement is the same as for a limited assurance engagement because materiality is based on the information needs of intended users. 8. Audit Risk Audit risk is the risk that the practitioner expresses an inappropriate conclusion when the subject matter information is materially misstated. Subject matter information can fail to be properly expressed in the context of the underlying subject matter and the criteria, and can therefore be misstated, potentially to a material extent. This occurs when the subject matter information does not properly reflect the application of the criteria to measure or evaluate the underlying subject matter. 17 ASSURANCE Audit risk does not refer to or include the practitioner's business risks, such as loss from litigation, adverse publicity, or other events arising in connection with particular subject matter information. Reducing audit risk to zero is very rarely attainable or cost beneficial and, therefore, "reasonable assurance" is less than absolute assurance, as a result of factors such as the following: The use of sampling testing. The inherent limitations of internal control. The fact that much of the evidence available to the practitioner is persuasive rather than conclusive. The use of professional judgment in gathering and evaluating evidence and forming conclusions based on that evidence. In some cases, the characteristics of the underlying subject matter when measured or evaluated against the criteria. 9. Nature, timing and extent of procedures A combination of procedures is typically used to obtain either reasonable assurance or limited assurance. Procedures may include: Inspection Inspection of tangible assets that are recorded in the accounting records confirms existence, but does not necessarily confirm rights and obligations or valuation. Confirmation that assets seen are recorded in accounting records gives evidence of completeness. Inspection may also involve examination of documents and records, both internal and external, in paper, electronic or other forms. This procedure provides evidence of varying reliability, depending on the nature, source and effectiveness of controls over production (if internal). Inspection can provide evidence of existence (eg a document constituting a financial instrument), but not necessarily about ownership or value. Observation This involves watching a procedure or process being performed (for example, post opening). It is of limited use, as it only confirms the procedure took place when the auditor was watching, and because the act of being observed could affect how the procedure or process was performed. Confirmation This is the process of obtaining a representation of information or of an existing conditions directly from a third party eg confirmation from bank of bank balances. Re-calculation This consists of checking the mathematical accuracy of documents or records and can be performed through the use of IT. Re-performance This is the auditor's independent execution of procedures or controls that were originally performed as part of the entity's internal control. 18 ASSURANCE Analytical procedures Evaluating and comparing financial and/or non-financial data for plausible relationships. Also include the investigation of identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts. Inquiry This involves seeking information from client staff or external sources. Strength of evidence depends on the knowledge and integrity of the source. Inquiry alone does not provide sufficient audit evidence to detect a material misstatement at assertion level nor is it sufficient to test the operating effectiveness of controls. The exact nature, timing and extent of procedures will vary from one engagement to the next. Both reasonable assurance and limited assurance engagements require the application of assurance skills and techniques and the gathering of sufficient appropriate evidence as part of an iterative, systematic engagement process that includes obtaining an understanding of the underlying subject matter and other engagement circumstances. 10. Financial statements Assertions Financial statement assertions are the representations by management, explicit or otherwise, that are embodied in the financial statements, as used by the auditor to consider the different types of potential misstatements that may occur. The auditor must use assertions for classes of transactions (ie statement of comprehensive income), account balances (ie statement of financial position), and presentation and disclosures in sufficient detail to form the basis for the assessment of risks of material misstatement and the design and performance of further audit procedures. The table gives examples of assertions. 19 ASSURANCE Assertions used by Auditors Assertions about classes of transactions and events for the period under audit Occurrence: transactions and events that have been recorded have occurred and pertain to the entity. Completeness: all transactions and events that should have been recorded have been recorded. Accuracy: amounts and other data relating to recorded transactions and events have been recorded appropriately. Cut-off: transactions and events have been recorded in the correct accounting period. Classification: transactions and events have been recorded in the proper accounts. Assertions about Existence: assets, liabilities, and equity interests exist. account balances at Rights and obligations: the entity holds or controls the rights to assets, the period-end and liabilities are the obligations of the entity. Completeness: all assets, liabilities and equity interests that should have been recorded have been recorded. Valuation and allocation: assets, liabilities, and equity interests are included in the financial statements at appropriate amounts and any resulting valuation or allocation adjustments are appropriately recorded. Assertions presentation disclosure about Occurrence and rights and obligations: disclosed events, transactions and and other matters have occurred and pertain to the entity. Completeness: all disclosures that should have been included in the financial statements have been included. Classification and understandability: financial information is appropriately presented and described, and disclosures are clearly expressed. Accuracy and valuation: financial and other information are disclosed fairly and at appropriate amounts. When designing audit plans and procedures for specific areas, the auditor should focus on the financial statement assertions that he/she is trying to find evidence to support. 20 ASSURANCE 11. Documentation The practitioner should document matters which are important in providing engagement evidence to support the practitioner's opinion and evidence that the engagement was carried out in accordance with ISAs, ISAEs. Working papers: Assist in the planning and performance of the engagement Assist in the supervision and review of engagement work Enable the engagement team to be accountable for its work Retain a record of matters of continuing significance to future engagements; and Enable quality control reviews to be performed. Characteristics of documentations. Should be complete and detailed to enable an experienced and practitioner with no previous connection with the assurance engagement subsequently to ascertain from them what work was performed and to support the conclusions reached. Should record information on the assurance’s planning the engagement, the nature, timing and extent of the engagement procedures performed, and the results thereof, and the conclusions drawn from the evidence obtained. Should include the practitioner’s reasoning on all significant matters requiring exercise of judgement, with the practitioner’s conclusions thereon Example – Types of audit engagement files. Type of file Examples of documents contained Permanent audit file (PAF): This contains documents of continuing importance Current audit file (CAF): This • contains information relevant to current year's audit Engagement letters Legal documents such as prospectuses, leases, sales agreement Details of the history of the client's business. Previous years' signed accounts, analytical review and management letters. Accounting systems notes, previous years' control questionnaires Financial statements Accounts checklists A summary of unadjusted errors Review notes Audit planning memorandum Time budgets and summaries Letter of representation Management letter Notes of board minutes Communications with third parties A lead schedule including details of the figures to be included in the accounts Problems encountered and conclusions drawn Audit programmes Analytical review. Details of substantive tests and tests of control 21 ASSURANCE 12. Assurance Report The practitioner forms a conclusion on the basis of the evidence obtained, and provides a written report containing a clear expression of that assurance conclusion about the subject matter. ISAs, ISAEs establish basic elements for assurance reports. In a reasonable assurance engagement, the practitioner's conclusion is expressed in the positive form that conveys the practitioner's opinion on the outcome of the measurement or evaluation of the underlying subject matter. Examples of conclusions expressed in a form appropriate for a reasonable assurance engagement include: When expressed in terms of the underlying subject matter and the applicable criteria, "In our opinion, the entity has complied, in all material respects, with XYZ law"; When expressed in terms of the subject matter information and the applicable criteria, "In our opinion, the financial statements present fairly, in all material respects, the financial position of the entity as at [date] and its financial performance and its cash flows for the year then ended in accordance with XYZ framework"; When expressed in terms of a statement made by the appropriate party, "In our opinion, the [appropriate party's] statement that the entity has complied with XYZ law is, in all material respects, fairly stated," or "In our opinion, the [appropriate party's] statement that the key performance indicators are presented in accordance with XYZ criteria is, in all material respects, fairly stated." In a direct engagement, the practitioner's conclusion is phrased in terms of the underlying subject matter and the criteria. In a limited assurance engagement, the practitioner's conclusion is expressed in a form that conveys whether, based on the engagement performed, a matter(s) has come to the practitioner's attention to cause the practitioner to believe the subject matter information is materially misstated, for example, "Based on the procedures performed and evidence obtained, nothing has come to our attention that causes us to believe that the entity has not complied, in all material respects, with XYZ law." The practitioner's conclusion is clearly separated from information or explanations that are not intended to affect the practitioner's conclusion, including any Emphasis of Matter, Other Matter, findings related to particular aspects of the engagement, recommendations or additional information included in the assurance report. The wording used makes it clear that an Emphasis of Matter, Other Matter, findings, recommendations or additional information is not intended to detract from the practitioner's conclusion. The practitioner expresses a modified conclusion in the following circumstances: i. When, in the practitioner's professional judgment, a scope limitation exists and the effect of the matter may be material. In such cases, the practitioner expresses a qualified conclusion or a disclaimer of conclusion. In some cases, the practitioner considers withdrawing from the engagement. ii. When, in the practitioner's professional judgment, the subject matter information is materially misstated. In such cases, the practitioner expresses a qualified conclusion or adverse conclusion. In those direct engagements where the subject matter information is the practitioner's conclusion, and the practitioner concludes that some or all of the underlying subject matter does not, in all material respects, conform with the criteria, such a conclusion would also be considered to be qualified (or adverse as appropriate). 22 ASSURANCE A qualified conclusion is expressed when the effects, or possible effects, of a matter are not so material and pervasive as to require an adverse conclusion or a disclaimer of conclusion. If it is discovered after the engagement has been accepted that one or more preconditions for an assurance engagement is not present, the practitioner discusses the matter with the appropriate party(ies), and determines: i. ii. iii. Whether the matter can be resolved to the practitioner's satisfaction; Whether it is appropriate to continue with the engagement; and Whether and, if so, how to communicate the matter in the assurance report. If it is discovered after the engagement has been accepted that some or all of the criteria are unsuitable or some or all of the underlying subject matter is not appropriate for an assurance engagement, the practitioner considers withdrawing from the engagement, if withdrawal is possible under applicable law or regulation. If the practitioner continues with the engagement, the practitioner expresses: i. A qualified conclusion or adverse conclusion depending on how material and pervasive the matter is, when, in the practitioner's professional judgment, the unsuitable criteria or inappropriate underlying subject matter is likely to mislead the intended users; or ii. A qualified conclusion or a disclaimer of conclusion depending on, in the practitioner's professional judgment, how material and pervasive the matter is, in other cases. Chapter Summary In this chapter we looked at Factors a practitioner should consider before accepting an engagement, rules of professional conduct when there is change to professional appointment and sources of information about new clients. We also looked at principle contents of engagement letter, engagement strategy and plan, nature, timing and extent of procedures and financial statements assertions. 23 ASSURANCE End of chapter questions. 1. A practitioner is supposed to obtain sufficient and appropriate evidence in accordance with the relevant ISAEs . Appropriateness is a measure of the quality of engagement evidence; that is, its relevance and its reliability. Required: Identify and explain THREE factors which influence the reliability of engagement evidence. 2. It is important for a practitioner to document his/her work on a timely basis. Required: Describe FOUR benefits of documenting engagement work. 3. ISA 300 Planning an Audit of Financial Statements provides guidance to auditors. Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan. Adequate planning benefits the audit of financial statements in several ways. Required: Explain the importance of audit planning. 24 ASSURANCE CHAPTER 3: LEGAL AND PROFESSIONAL FRAMEWORK Topic List 1. International Federation of Accountants (IFAC); 2. Roles of IFAC; 3. International Auditing and Assurance Standards Board (IAASB); 4. The scope and authority of IAASB pronouncements; 5. Regulation by the profession; 6. Appointment of an auditor; 7. Rights and duties of an auditor; 8. Law of contract and an auditor; 9. Negligence; 10. Law of Tort; 11. Auditor’s Liability; 12. Money Laundering and whistle blowing; and 13. Unlawful acts of clients and their staff. Learning Outcomes By the end of this chapter students should be able to: identify the roles of regulation and guidelines in engagements; discuss auditors appointment, rights, duties, remuneration and removal or resignation; explain the different perspectives in which a professional accountant would provide assurance services; discuss the law of contract and how it can affect an assurance engagement; explain instances that may give rise to an auditor being negligent; explain the law of tort and audit engagement; and Explain the auditors civil and criminal liability. 25 ASSURANCE 3.1 Introduction In this chapter we look at the professional framework as well as the legal framework of the assurance services. The legal framework is guided by law and it relates to audit assignment as an assurance service while as the professional framework is guided by relevant International regulatory bodies. Under professional framework we will look at professional guidelines when performing assurance services. The second part of this chapter covers qualifications of an auditor, process of audit engagement, duties and rights of an auditor as an expert, resignation and dismissal and associated rights and duties. These are covered by the Malawi Companies Act. Contract law, law of tort and criminal law have also been discussed and the chapter ends with a discussion of money laundering and unlawful acts of clients 1. Professional framework The auditing profession is subject to regulations from a range of sources. National legislation National regulation and standard-setting International standard-setting Professional bodies, eg ICAM 2. International Federation of Accountants (IFAC) 2.1 IFAC came into being as a result of initiatives put forward in 1973 and formally approved at the International Congress of Accountants in Munich in 1977. It is a non-profit, nongovernmental and non-political international organisation of accountancy bodies. Mission 2.2 The mission of IFAC is, “to serve the public interest, strengthen the global accountancy profession and contribute to the development of strong international economies by establishing and promoting adherence to high-quality professional standards, furthering the international convergence of such standards, and speaking out on public interest issues where the profession's expertise is most relevant.” Council 2.3 This consists of one representative from each member body of IFAC. It elects the members of the Board and establishes the basis of financial contributions by members. The Board consists of the President and representatives from 16 countries elected by the Council for three-year terms. Elections to the Board are held annually so that one third of the Board retire each year. The role of the Board is to supervise the general IFAC work program. The work program itself is implemented by smaller working groups or the following standing technical committees: 26 ASSURANCE International Auditing and Assurance Standards Board Compliance Committee Education Committee Ethics Committee Financial and Management Accounting Committee Public Sector Committee Transnational Auditors Committee (executive arm of the Forum of Firms). 3. International Auditing and Assurance Standards Board (IAASB) 3.1 The IAASB was established to develop and issue standards and statements on auditing, assurance and related services on behalf of the IFAC Board. 3.2 The objective of the IAASB, on behalf of the IFAC Board, is to serve the public interest by setting high quality auditing and assurance standards and by facilitating the convergence of international and national standards, thereby enhancing the quality and uniformity of practice throughout the world and strengthening public confidence in the global auditing and assurance profession. The IAASB achieves this objective by: Establishing high quality auditing standards and guidance for financial statement audits that are generally accepted and recognised by investors, auditors, governments, banking regulators, securities regulators and other key stakeholders across the world. Establishing high quality standards and guidance for other types of assurance services on both financial and non-financial matters. Establishing high quality standards and guidance for other related services. Establishing high quality standards for quality control covering the scope of services addressed by the IAASB; and Publishing other pronouncements on auditing and assurance matters, thereby advancing public understanding of the roles and responsibility of professional auditors and assurance service providers practicing throughout the world and strengthening public confidence in the global auditing and assurance profession. The IAASB achieves this objective by: Establishing high quality auditing standards and guidance for financial statement audits that are generally accepted and recognised by investors, auditors, governments, banking regulators, securities regulators and other key stakeholders across the world. 4. The scope and authority of IAASB pronouncements. The IAASB’s pronouncements govern assurance and related services that are conducted in accordance with International Standards. They do not override the local laws or regulations. The pronouncements of the IAASB examinable fall into two categories: International Standards on Auditing (ISAs) International Standards on Assurance Engagements (ISAEs) 27 ASSURANCE The IAASB’s Standards contain basic principles and essential procedures together with related guidance in the form of explanatory and other material. The basic principles and essential procedures are to be understood and applied in the context of the explanatory and other material that provide guidance for their application. It is therefore necessary to consider the whole text of a Standard to understand and apply the basic principles and essential procedures. In exceptional circumstances, a professional accountant may judge it necessary to depart from a requirement of a Standard to achieve more effectively the objective of the engagement. When such a situation arises, the professional accountant should be prepared to justify the departure. The International Auditing and Assurance Standards Board (IAASB) is responsible for setting international standards for audit, quality control, review, other assurance, and related services. It also facilitates the convergence of international and national standards. The IAASB’s International Standards on Auditing (ISAs) are in use or are in the process of being adopted or incorporated in many countries. All of its standards are contained in the IAASB Handbook, including: All standards developed by the IAASB are subject to a rigorous due process, which includes thorough research, stakeholder consultation, and consideration of the views of those affected. The process is also overseen by the Public Interest Oversight Board (PIOB). 4.1 Role of ICAM Education and training of As a member of IFAC, ICAM must comply with IFAC's international standards and guidelines on service providers Pre-qualification education and training Continuing professional education Implementation and IFAC member bodies such as ICAM must prepare ethical enforcement of ethical requirements based on IFAC's International Code of Ethics for Professional Accountants. Member bodies must provide requirements high standards of professional conduct and ensure that ethical requirements are observed. Disciplinary action should normally be taken in the following instances: Failure to observe the required standard of professional care, skills or competence; Non-compliance with the rules of ethics; or Discreditable or dishonourable conduct. The power for disciplinary action may be provided by legislation or by the constitution of the professional body. 5. Legal Framework of Assurance Service. 5.1 Appointment of an auditor (Section 191) The act requires every company to appoint an auditor:28 ASSURANCE The company shall at each general meeting, at which the financial statements are presented appoint an auditor. Tenure of office is from the conclusion of the meeting to the conclusion of the following general meeting at which accounts are laid. Directors of the company can also appoint directors to fill in a casual vacancy or on commencement of a new company. (before the first annual general meeting- AGM) Registrar of companies. 5.2 Qualification of an auditor (Section 192) A person is eligible for appointment as a company auditor if he/she is qualified under the public accountants and auditors act. The following cannot act as auditors An officer of an employee of a company A shareholders of the company A person disqualified from acting as an auditor to any other corporate body within the same group. It is an offence for a person to act as a company auditor if he/she is ineligible and requires vacation of office if he becomes ineligible. A second audit is requested if the first one was carried out by an ineligible auditor. 5.3 Remuneration of an auditor (Section 192 Malawi Companies Act) Remuneration refers to earnings generated through the provision of goods and services. Auditor’s remuneration is fixed by those who appoint him, that is, the shareholder or directors. Sometimes it is fixed in such a manner as the company thinks fit, this is usually the basis taken in practice. The auditor’s remuneration shall be stated in the notes to the company’s financial statements, disclosure in the financial statement must also be made of remuneration including benefits in kind paid to the auditors. 5.4 Resignation of Auditors Resignation is one of the rights of the auditor, some of the reasons for the auditors’ resignation are:- 1. Ill health: Sickness may cause to fail to execute his/her duties. 2. Growth in the size of the audit firm such that the fee is inadequate. 3. Restriction to the extent of audit work: This is where the auditor concludes that because of fraud or other irregularity the accounts do not show a true and fair view and there is no immediate opportunity to report to the members. 5.5.1 Resignation procedures The following steps are to be followed when an auditor wishes to resign:i. Depositing a notice of resignation to the registered office of the client. 29 ASSURANCE ii. iii. iv. The notice must be accompanied by a statement of circumstances. A statement of circumstances is a description of matters which the auditor considers should be brought to the attention of members or creditors as well as the absence of such, for example, fraudulent training. The statement of circumstances should be sent to the Registrar of companies within twenty eight (28) days. The statement can also be sent by the company to everyone entitled to receive a copy of the accounts and a copy of the statement to Registrar of companies or otherwise face a fine within fourteen (14) days unless the company applies to court because the statement is defamatory. Auditors can cease to be an auditor by simply not seeking re-election. In that case, the auditor must still deposit a statement of circumstances. The statement must be sent to the company and the Registrar of companies. 5.5 Rights and duties of an auditor on resignation The auditor must deposit a notice of resignation and statement of circumstances and notice calling the company to call an extraordinary general meeting. The directors must call for a meeting within twenty one (21) days and must send out copies of the statement of circumstances. The auditor can receive all notices that relate to the general meeting where their term of office would have expired and the general meeting where casual vacancy caused by the resignation is to be filled. Auditors can speak at these meetings on any matters which concerns them as auditors. When the directors fail to send out the copies of the statement of circumstances, the auditor can require that the statement be read at the meeting. 5.6 Duties and rights of an auditor The Malawi Companies Act 1984 (Section 194) lays out duties and rights of auditors as detailed below: 5.6.1 i. ii. iii. iv. v. vi. vii. Duties of an auditor To make a report to the members or shareholders on all financial statements laid before members in an annual general meeting. To state in his/her report whether accounts comply with the requirements of the Act and that they show a true and fair view in his/her opinion To report if proper accounting records have been kept. To report if proper returns from branches not visited by the auditor have not been received. To report if financial statements are not in agreement with the books of accounts. To consider if any information in the Director’s report is inconsistent with the accounts and to report any such instances. To investigate (this is an implied duty) if there are indications that material errors and fraud have occurred. 30 ASSURANCE 5.6.2 Rights of an auditor The auditor has the following rights under the Companies Act 1984 (Section 194) in order to carry out their duties: i. ii. iii. iv. v. vi. vii. viii. Right to access at all times to the books, accounts, vouchers or documents of the company. Right to require from directors, employees of the company any information which the auditor thinks necessary. Right to receive notices and attend meetings and to report on any matters concerning him/her as an auditor. Right to make a report on findings including failure of the directors to provide him with information and explanation which he deems necessary. Right to be heard when making a presentation during a meeting Right to a reasonable remuneration Right to a lien. (A lien is right to hold or keep somebody’s property until that somebody settles a debt) Right to receive correct information 5.7 Dismissal (Removal) of auditors Company law takes the view that auditors must be changed or removed if the shareholders wish. Why the change a. To avoid manipulation by the directors because of familiarity with the auditors. A company can remove auditors before expiry of his/her tenure of office. However the following requirements have to be followed. i. The company must pass an ordinary resolution at an extraordinary general meeting. ii. A special notice of dismissal must be given to the auditor within twenty-eight (28) days. If the auditor feels that his/her dismissal is unjustified, he has the following statutory rights. a. The auditor has the right to make a representation which requires the company to state that representations have been made by the auditor and notice given to the shareholders. b. If the representations are not sent to the shareholders, the auditor may require that the representation be read out at the meeting. The representation need not be read out in the meeting if on application of either the company or any other person who claims to be aggrieved and the court is satisfied that the auditor’s rights is being abused to obtain needless publicity for defamatory matter. 31 ASSURANCE 5.7.1 False statements to auditors (Section 335) An officer of the company commit an offence if he/she knowingly or recklessly makes to the company auditors a statement which the auditors require and is misleading, false or deceptive. The person guilty of this offence is liable to imprisonment and/or a fine or both. 6. Law of contract and the auditor Contract law is the law that regulates binding agreements. The law of contract affects auditors as follows: The auditor and the client agree to express terms of the contract set out in the engagement letter. The law may also impose implied terms into contractual agreements 6.1 Implied terms. Implied terms are terms deemed to form part of the contract even though not expressly mentioned by the parties to the contract. Examples The auditors have a duty to exercise reasonable care and skill The auditors have a duty to carry out the work required with reasonable expediency. The auditors have a right to reasonable remuneration. 6.2 Reasonable care Reasonable care is the degree of care, diligence, or precaution that may fairy, ordinarily, and properly be expected or required in consideration of the nature of action, the subject matter and the surrounding events. Examples of reasonable care (exercised by the auditor) Auditors should use generally accepted auditing techniques contained in the auditing standards. If auditors’ suspicious are aroused (this is called being “put upon enquiry”) they must carry out investigations until they are satisfied as to what those suspicions mean. Auditors must act honestly and carefully when making judgements. 7. Negligence Negligence is an act or omission which occurs because the person concerned failed to exercise that degree of reasonable care and skill which is reasonably expected in the circumstances of the case. The degree of care and skill to be shown should be in terms of depth. 7.1 Indications that negligence exist. i. Failure to exercise sufficient skill and care 32 ASSURANCE ii. iii. iv. Failure to discover fraud or error when put upon enquiry. In the absence of suspicious events, the auditor is entitled to accept the work of a responsible company official. But once an auditor’s suspicions have been aroused there is a duty to probe the matter to the bottom. There is loss of money from the failure of the auditor to do his or her work. The auditor may be dishonest or connive at the dishonest of others. If the above dishonest are proved the auditor may have to make good from his own resources the loss suffered by another person. When the auditors breach their implied duty of care under the contract, the client may be entitled to bring successful claim against the auditor. In order for the claim to be successful, three things must be proved. i. ii. iii. There must have been a duty of care enforceable by law. Negligence. The client must have suffered monetary loss as a result of the auditors’ negligence. Court case example Thomas Gerrard and Sons 1968 The fact: the Managing Director of a company falsified the accounts to conceal company losses causing dividends to be paid either wholly or partially out of capital over a number of years. He had done this by including non-existing stock and altering invoices which the auditors discovered but pursued no further. Decision: the court held that the discovery of the altered invoices gave the auditors a responsibility to enquire, they were no longer entitled to rest contents. The auditors were negligent. 8. Law of Tort Tort is a body of law that addresses and provides remedies for civil wrong doing not arising out of contractual obligations. A person who suffers legal damage may be able to use tort law to receive compensation from someone who is legally responsible or liable, for those injuries. Tort law involves the relationship between individual citizens or business entities. It is the legal mechanism, which is part of civil law, through which individuals can assert claims against others and those rights adjusted and enforced. 9. Auditor’s liability 9.1 Civil and criminal liability 33 ASSURANCE 9.1.1 Civil liability All auditors can be sued in a civil court when they have breached their position of trust e.g if an auditor uses information acquired during the course of the audit to make financial gains, then in such a case he/she can be sued for breaching his position of trust and confidentiality. i. Negligence liability An auditor is required to exercise reasonable care and skill in the performance of his/her work, if he/she fails to do so, then the question of liability with reference to negligence arises. a. Where an auditor is proved to be negligent, but no loss is sustained by his client arising out of his negligence, then he is not liable. b. An auditor cannot restrict his liability by entering into an agreement as his duties are defined and laid down in the Companies Act 1984, and therefore any such agreement (if executed) would be against the law and will be void. He will still be liable despite of such an agreement. c. An indemnity clause inserted in the articles of a company, by which the directors, managing agents, auditor and other officers of the company are relieved from liability has been declared void be section 194 of the Malawi Companies Act. However the court may relieve an auditor of liability for negligence or misfeasance if it is proved that he/she acted honestly and reasonable. d. If the auditor fails to perform his job with reasonable care and skill and consequently his clients suffers a loss due to his negligence, he is liable to make good the loss on an action being taken against him by the company. ii. Misfeasance liability Misfeasance is a type of failure to discharge public obligations existing by common law, custom or statute. After a company has gone into liquidation, misfeasance proceeding can be instituted against the liquidator, creditor and a contributor of the company. When a company is in liquidation The past and present directors, promoters, managing agents and auditors are liable to make good all losses sustained by the company on account of negligence of duty or bleach of trust if misfeasance proceedings are initiated against them within the prescribed time. iii. Legal liability of auditors Auditors are supposed to perform their work in an honest and careful manner since they can be held liable for negligence in the following ways. a. They don’t carry out their work as required by the auditing standard. b. They fail the duty of protecting the interest of various users of the financial statements i.e any person who relies on their work. c. They don’t carry out their work with due care and skill i.e what an ordinary skilled person would do in that circumstance. The auditors’ liability falls under three categories: To their clients. To third parties in case on negligence. 34 ASSURANCE Civil and criminal liabilities. iv. Liability to third parties In addition to being liable under law of contract, an auditor can also be liable under law of tort, if the person to whom he owed duty of care suffered financial loss as a result of the auditor’s negligence. For a third party to succeed he must prove the following. The auditor owed him duty of care. The auditor was negligent. He has suffered financial loss resulting from the auditor’s negligence. 9.1.2 Criminal liability An auditor shall be criminally liable if he willingly makes a material false statement in any report, certification or in the financial statements with the intention to deceive and mislead. Examples of criminal liabilities include: When the Auditors: accepts appointment when is ineligible to do so or continue in office after becoming ineligible. obtains the advantage of deception. falsifies accounting records or documents publishes misleading statements intended to deceive members. misappropriates a clients’ property. 9.1.3 Liability under law of contract Generally if the auditor has complied with ISA (International Standards on Auditing) it is difficult to prove that he was negligent. In the absence of suspicious circumstances the auditor will not be liable for failing to uncover fraud and error which could not have been discovered by exercise of normal skill and care. The auditor can be accused of negligence if: He fails to detect fraud or error that he could have reasonably detected i.e material misstatement. He fails to comply with the Generally Accepted Auditing Standards (GAAS) and practices e.g attending stock take, circularizing debtors, seeking confirmation of bank balances from the bank. For the client to succeed in a claim for financial loss he must satisfy the court in relation to three matters: i. ii. There existed duty of care enforceable by the law. That where the duty did exist the auditor was negligent in the performance of that duty judged by acceptable professional standards. 35 ASSURANCE iii. That the client suffered some financial loss as a direct consequence of the auditor’s negligence. 9.2 Negligence to third parties 9.2.1 Third party negligence claims A third party is a person who has no contractual relationship with any of the parties in a contract. When the auditors have been negligent it is possible that third party may also have a claim against the auditors even though they do not have a contract with them. There are three requirements for a third party negligence claim to succeed. (as discussed earlier) 9.2.2 Arguments for and against extending auditor’s liability. Arguments for extending auditors liability a. Third parties do rely on the integrity of audited accounts and would seem right that legal liability should reflect that. b. Professional people are paid and should therefore be accountable. c. Where the company suffers loss because of the auditors’ negligence then the current existing legal remedy by the company against the auditor is appropriate. d. If liability is not extended then the public may perceive that the auditor is liable to no one, there is no need for the auditor to exercise skill and care and as such the accounts are not reliable and are of little benefit. 9.2.3 Arguments against extending liability. a. It is unreasonable and unrealistic to say auditors have a liability in an indeterminate amount for indeterminate time to an indeterminate class. b. There are practical difficulties in deciding whether the accounts were relied upon. c. The current legal framework sees the purpose of preparing and auditing accounts as assisting shareholders assessing stewardship of the directors but not in assisting investors in their investments. d. Audit fees would be too high if full liability for investment decisions were taken into account? e. The legal responsibility for preparation of accounts rests with directors and it would seem inequitable if the liability arising out of incorrect accounts were transferred to auditors. f. The work required on an audit would need to be greatly extended at an enormous cost which on welfare economics viewpoint would be misuse of scare resources. g. The company pays the auditors and consequently expects to recover damages if the company loses as a result of auditor negligence. However investors do not pay the auditor and so should not expect to recover any loses. h. Insurance cover for professional indemnity would be even more difficult and expensive. 36 ASSURANCE 9.2.4 Minimising liability Auditors and accountants can minimize their potential liability for professional negligence in the following ways. By not being negligent. By following the precepts of auditing standards. By agreeing the duties and responsibilities in an engagement letter. By defining in their report the precise work undertaken, the work not undertaken and any limitation to the work. By stating in the engagement letter the purpose for which the report has been prepared and that the client may not use it for any other purpose. By stating in the report the purpose of the report and that it may not be relied on for any other purpose. By advising the client in the engagement letter of the need to obtain permission to use the name of the auditor and withholding permission in appropriate cases. By identifying the authorised recipients of the report in the engagement letter and in the report. By limiting liability by a term in the engagement letter or to third parties. By obtaining an indemnity from the client or third party. By defining the scope of professional competence to include only matters within the auditor’s/ accountant’s competence. Chapter Summary IFAC came into being as a result of initiatives put forward in 1973 and formally approved at the International Congress of Accountants in Munich in 1977. It is a non-profit, nongovernmental and non-political international organization of accountancy bodies International Auditing and Assurance Standards Board (IAASB) The IAASB was established to develop and issue standards and statements on auditing, assurance and related services on behalf of the IFAC Board. The pronouncements of the IAASB examinable fall into two categories: International Standards on Auditing (ISAs) International Standards on Assurance Engagements (ISAEs) Appointment of an auditor (Malawi Companies Act Section 191) Members shall at each general meeting, at which the financial statements are presented appoint an auditor. Directors of the company can also appoint directors to fill in a casual vacancy or on commencement of a new company. 37 ASSURANCE Registrar of companies Resignation of Auditors- the auditor can resign due to the following reasons ill health Duties of an auditor To make a report to the members or shareholders on all financial statements laid before members in an annual general meeting. To state in his/her report whether accounts comply with the requirements of the Act and that they show a true and fair view in his/her opinion. To report if proper accounting records have been kept. To report if proper returns from branches not visited by the auditor have not been received. To report if financial statements are not in agreement with the books of accounts. To consider if any information in the Director’s report is inconsistent with the accounts and to report any such instances. To investigate (this is an implied duty) if there are indications that material errors and fraud have occurred. Rights of an auditor Right to access at all times to the books, accounts, vouchers or documents of the company. Right to require from directors, employees of the company any information which the auditor thinks necessary. Right to receive notices and attend meetings and to report on any matters concerning him/her as an auditor. Right to make a report on findings including failure of the directors to provide him with information and explanation which he deems necessary. Right to be heard when making a presentation during a meeting End of Chapter Question Question 1 Dunde Plc was formed on 1 July 2000 to assemble minicomputers. The directors of the company do not know their responsibility and the nature of their relationship with the external auditor. You have been asked to explain to the directors the financial aspect of their accountability to the company and their relationship with the auditor. 38 ASSURANCE Required a. Explain to the directors of Dunde Plc why there is need for an audit. b. Explain how an auditor of a public limited company may be appointed under the Companies Act 1984. c. What are the auditor’s rights under the companies Act 1984? Question 2 a. What powers and duties are conferred on an auditor of a limited company by the Companies Act 1984? b. What are the rights given to such an auditor by the same Act? 39 ASSURANCE CHAPTER 4: INTERNAL AND EXTERNAL AUDITING Topic List 1. 2. 3. 4. 5. 6. Introduction; Nature of internal auditing; Nature of external auditing; Comparison between internal and external auditing; Chapter summary; and End of chapter questions. Learning Outcomes By the end of this chapter students should be able to: Explain the different perspectives in which a professional accountant would provide assurance services; and Distinguish the role of an internal auditor from that of an external auditor in the provision of assurance services. 40 ASSURANCE 4.1 Introduction A professional accountant will be called upon to provide independent assurance to an entity in two different perspectives, where he is acting as an internal assurance provider or an external contractor. When s/he is engaged as an employee to provide services to an organisation s/he called an internal auditor. In the event that s/he is contracted as an independent contractor to provide assurance services s/he is referred to as an external auditor. In this chapter both internal and external auditing will be explained to provide an overview of the nature of work involved in each case. The chapter will also contrast the two aspects of assurance. 1. Nature of internal auditing 1.1 Meaning of internal auditing Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. The definition indicates that internal auditing is an appraisal function aimed at providing an opinion on effectiveness of risk management, internal controls and governance processes in addition to making recommendations to an organisation on how the processes may be improved. 1.2 Role of internal auditing in an organisation Internal auditing is primarily directed at providing assurance on adequacy of risk management, internal controls and governance. Its secondary role is to provide advice of how various systems and processes of an organisation may be improved. Risk management is the process by which an organization identifies, analyses, responds and monitors risks that could actually or potentially impact the organization's ability to achieve its mission and objectives. 41 ASSURANCE Internal control is broadly defined as a process, action or system established by an entity designed to provide reasonable assurance regarding the achievement of organisational objectives. Governance include policies, processes and structures used by the organization’s leadership to direct activities and achieve objectives of an organisation. It therefore follows that internal audit would provide assurance on matters such as: Effectiveness and efficiency of operations. Reliability of financial and management reporting. Compliance with laws and regulations. Safeguarding of assets The process of identifying, evaluating, reporting and monitoring of risks Various policies of the organization Implementation of sound business, personal and professional ethics in an organization. 1.3 Scope of internal audit work Internal audit work covers all systems and processes of an organisation. This may include operational, financial or general management systems. The scope of internal audit is not restricted to the audit of systems and controls necessary to form an opinion on the financial statements. It is a holistic type of assurance that is provided by internal auditors. Internal auditors therefore, would provide assurance on areas such as: Social and environmental system: This is an audit that determines the degree of compliance with emission and pollution standards. Risk management framework: An audit aimed at providing opinion on whether structures established by management are adequate enough to identify, evaluate, monitor and report on risks that may deter the organization from achieving its objectives. Value for money: An independent assessment of the extent to which an entity operates efficiently, effectively and with due regard to economy. Management Information Systems: It is an examination and evaluation of an organization's information technology infrastructure, policies and operations. Procurement: A systematic and independent analysis to determine whether the procurement process and the results of the process is to the best interest of the organisation. Financial reporting system: An examination of systems that contribute to the preparation of financial statements. An example is a purchasing cycle and posting of related transaction to the purchases ledger. 42 ASSURANCE 1.4 Skills required for an internal audit work Modern internal audit calls for diversity in skill set. In order to provide assurance on all aspects of an organisation an internal audit function needs to possess a diverse combination of skills. More importantly the skills should include the following: Analytical and critical thinking Communication skills IT general skills Risk management Business acumen A professional accountant is well placed to provide value adding internal audit services because of his extensive training on matters of corporate governance and control. However, knowledge and skills acquired through accounting and finance may not be sufficient because internal audit is a distinct field of study that has its own standards and practice procedures. Professional accountant globally practising internal audit in modern era have blended their accounting skills with certifications in internal auditing. 1.5 Acquisition of internal audit services Organizations utilise a number of different alternatives in obtaining internal audit services, ranging from a fully resourced activity housed within the organization to external resources obtained from outside the organization, or any combination thereof. The options organisations have include: Insourcing: Where internal audit is fully done by employees of the organization. Outsourcing: A situation where 100 percent of the internal audit services are obtained from external sources, usually on an ongoing basis. Co-sourcing: Through which external resources participate on joint engagements with inhouse internal audit staff. Engagements may be ongoing or for specific terms. A good example of a specific terms engagement is subcontracting for a specific assignment or portion of some engagement is performed by an external party, typically for a limited time period. Management and oversight of the engagement normally is provided by in house internal audit staff. There are many considerations that should be evaluated in determining the optimal structure and source for internal audit resources. The optimal solution can be different for every organization and also may change over time as the variables that influence the evaluation change periodically. Considerations for outsourcing internal audit services Although not all-inclusive, the following should be considered in the analysis of whether to outsource: Independence of the external service providers Allegiance of in-house resources versus that of external service provider Professional standards followed by the external service provider 43 ASSURANCE Qualifications of the service provider Human resource – training, turnover and rotation of staff Flexibility in staffing resources to meet engagement needs or special requests Availability of resources Retention of institutional knowledge for future assignments Access to best practice or insight to alternative approaches Culture of the organization – receptiveness to external service providers Insight into the organization by the external service provider Coverage of remote locations Coordination with in-house internal auditing Coordination with external auditor Use of internal auditing as a training ground for internal promotions Retention, access to and ownership of work papers Acquisition and availability of specialty skills Cost considerations Good standing membership in an appropriate professional organization Advantages of outsourcing internal audit services Greater focus on cost and efficiency of the internal audit function. Staff may be drawn from a broader range of expertise. Risk of staff turnover is passed to the outsourcing firm. Specialist skills may be more readily available. Costs of employing permanent staff are avoided. May improve independence. Access to new market place technologies, e.g. audit methodology software without associated costs. 8) Reduced management time in administering an in-house department. 1) 2) 3) 4) 5) 6) 7) Disadvantages of outsourcing internal audit services 1) Possible conflict of interest if provided by the external auditors, especially where the 2) 3) 4) 5) 6) 7) accounting firm also provides external audit services. Pressure on the independence of the outsourced function due to, e.g. threat by management not to renew contract. Risk of lack of knowledge and understanding of the organisation's objectives, culture or business. The decision may be based on cost with the effectiveness of the function being reduced. Flexibility and availability may not be as high as with an in-house function. Lack of control over standard of service. Risk of unclear roles between internal and external audit, losing credibility for both. 1.6 Independence of internal audit To maintain independence, an in house internal audit function needs to have: No direct authority or responsibility for the activities it reviews. The function should not be responsible for management of systems and processes it audits; 44 ASSURANCE No responsibility for developing or implementing procedures or systems and should not prepare records or engage in original line processing functions or activities; Report functionally to the board or board audit committee and administratively to the Chief Executive Officer or any similar position; The head of internal audit should have direct access to the chair of the board or board audit committee; The position of head of internal audit should be a senior position within the organisation’s structures. 1.7 Relationship with other assurance providers Internal audit activities are coordinated with activities of other assurance providers such as external auditors and regulatory authorities to help ensure adequacy of overall audit coverage and to minimise duplication of efforts. Periodic meetings and contact between internal and external auditors are held to discuss matters of mutual interest. 1.8 Internal audit and fraud Internal auditors evaluate risks faced by their organizations based on audit plans with appropriate testing. Internal auditors need to be alert to the signs and possibilities of fraud within an organization. While external auditors focus on misstatements in the financial statements that are material, internal auditors are often in a better position to detect the symptoms that accompany fraud. Internal auditors usually have a continual presence in the organization that provides them with a better understanding of the organization and its control systems. Specifically, internal auditors can assist in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of internal controls. In addition, they may assist management in establishing effective fraud prevention measures by knowing the organization’s strengths and weaknesses and providing consulting expertise. The importance an organization attaches to its internal audit activity is an indication of the organization’s commitment to effective internal control and fraud risk management. The internal auditor’s roles in relation to fraud risk management could include initial or full investigation of suspected fraud, root cause analysis and control improvement recommendations, monitoring of a reporting/whistleblower hotline, and providing ethics training sessions. If assigned such duties, internal auditing has a responsibility to obtain sufficient skills and competencies, including knowledge of fraud schemes, investigation techniques, and laws. Internal auditors may conduct proactive auditing to search for misappropriation of assets and information misrepresentation. This may include the use of computer-assisted audit techniques, including data mining, to detect particular types of fraud. Internal auditors also can employ analytical and other procedures to find unusual items and perform detailed analyses of high-risk accounts and transactions to identify potential fraud. 45 ASSURANCE At the appropriate time when enough information has been obtained, the head of internal audit should keep senior management and the board or audit committee informed of special investigations in-progress and completed. 1.9 Internal audit reporting In each engagement conducted by internal audit a report has to be produced as it is main product of the work performed. In the case of assurance engagements, internal control deficiencies or any other shortfall may be noted the internal audit team, all significant matters have to be included in the audit report with appropriate recommendations to improve the situation. In addition to reporting on assignment level the head of internal audit will report to each meeting of the board or audit committee on: • Audits completed • Progress in implementing the internal audit strategic plan and audit work plan, and • The status of the implementation of agreed internal and external audit and other relevant external body’s recommendations. Internal audit will also report to the board or board audit committee at least once annually on the overall state of internal controls in the organisation and any issues requiring management attention based on the work of internal audit and other assurance providers. 1.10 Follow up internal audits An assurance engagement generally follows three key stages as indicated in chapter 2, Assurance process. The stages are planning, obtaining evidence and reporting. However, an engagement performed by an internal auditor is expected to have an additional stage called follow up. During follow up stage an internal auditor undertakes to examine the extent to which recommendations that were made during reporting stage have been implemented. The implementation status is reported to the board through the audit committee if one exists. 2 Nature of external auditing 2.1 Meaning of external audit The Auditing Practices Board (APB) defines an audit as “an exercise whose objective is to enable auditors express an opinion whether the financial statements give a true and fair view of the entity’s affairs for the period then ended and have been properly prepared in accordance with the applicable reporting framework”. 46 ASSURANCE Key elements of the definition. Auditor: An auditor is a professional who, by evaluating a subject matter like financial statements, expresses an opinion on the subject matter. Opinion: This is a conclusion arrived at using a set criteria. Financial statements: These comprise annual accounts which show performance and financial position of an entity i.e. the statement of comprehensive income, statement of financial position, statement of changes in equity, statement of cash flows and notes to the accounts. True and fair view: The expression ‘true and fair view’ is a central concept to auditing. True means information is factual and conforms with reality, and not false. Additionally the information conforms to required standards and law. It means also that the accounts have been correctly extracted from the books and the records. Fair means that the information is free from discrimination and bias and in compliance with expected standards and rules. Fair also means that the accounts should reflect the commercial substance of the business entity’s underlying transactions. Entity: This is a general term representing all types of business enterprises including limited liability companies, charities, local authorities, government agencies etc. Reporting framework: This comprises all laws, regulations and guidelines that govern the preparation of financial statements e.g. Companies Act, accounting concepts and accounting standards. The need for external auditing can be understood from the stewardship accounting concept. Stewardship accounting is the name given to the practice by which productive resources owned by one person or group of persons are managed by another person or group of persons. A classic example of stewardship accounting can be found in the bible in the gospel according to St. Matthew Chapter 25. In this story told, we learn about a rich man who was embarking on a long journey. He called his servants and asked them to look after his wealth when he was gone. To each, he gave gold coins to manage according to his abilities. One was given five thousand gold coins; the second was given two thousand gold coins whilst the third one was given one thousand gold coins. On his return, he asked each one of them to account for the gold coins they were entrusted with. The rich man was pleased with the servants he had entrusted with five thousand gold coins and two thousand gold coins because they had doubled their investments. He was not pleased with the servant whom he gave one thousand gold coins, since he had not made any return on the money. Today, the practice by which managers of businesses account or report to the owners of the business is called stewardship accounting. The accounting and reporting is done through financial statements. 47 ASSURANCE The question that has always existed when those entrusted with resources of other people report on the performance of the same is; can the owners of the resources believe the report? The report may: contain errors not disclose fraud inadvertently be misleading fail to disclose relevant information fail to conform to regulations The solution to the problem of credibility of the reports and accounts can be solved by appointing an independent person called an auditor to investigate the reports and accounts and report back to those who appointed him on their truth and fairness. 2.2 Objectives of an audit The objective of an audit is to enable the auditor produce a report of his opinion of the truth and fairness of financial statements so that any person reading and using them can have belief in them. 2.3 Benefits of an audit Benefits of an audit include: 1) Owners of the company are given an independent opinion as to the truth and fairness of the accounts. 2) An audit gives more confidence in the financial statements used by third parties like banks. 3) The auditors can help the directors improve the business as a by-product of the audit through reporting weaknesses identified in the course of audit. 4) Disputes between members of management like in partnership may be more easily settled. 5) Major changes in ownership may be facilitated if past accounts contained an unqualified audit report. 6) The government relies more on audited accounts to ascertain profit or loss for tax purposes. 7) Helps to prevent and detect errors and fraud: An audit has deterrent and moral effect which helps entities to prevent errors and fraud. In addition errors and fraud may be detected in the course of the audit work. 48 ASSURANCE 2.4 Limitations of an audit Audit has a number of limitations including: 2.4.1 Auditing is not a purely objective exercise because auditors use judgement in areas like risk assessment, which tests to perform, determination of materiality levels etc. 2.4.2 In auditing, auditors do not check every item in the accounting records. 2.4.3 Accounting and internal control systems on which auditors rely have inherent limitations. 2.4.4 Audit does not and cannot tell that directors and management are telling the truth and have colluded in fraud. 2.4.5 An audit only indicates what is probable rather than what is certain. 2.4.6 Audit reports are issued some months after the financial statements date. 2.4.7 The audit report format is unlikely to reflect all aspects of the audit. 2.4.8 The auditor’s opinion is not a guarantee of the future viability of the entity; effectiveness and efficiency of management and that fraud may not have been perpetrated on the company. 2.5 Scope of work The independent auditor tests the data underlying the entity’s financial statements to obtain evidence that, along with his other procedures, provides the basis for the auditor’s opinion about whether the financial statements are free from material error or misstatement. In a financial statement audit, the auditor forms an overall conclusion about whether: The financial information has been prepared using appropriate accounting standards, which have been consistently applied; The financial information complies with relevant statutes or laws; The view presented by the financial information as a whole is consistent with the auditor’s knowledge of the business of the entity; There is adequate disclosure of all material matters relevant to the proper presentation of the financial The scope of external audit is within the sphere of financial reporting. The auditor examines systems and processes that contribute to the preparation of financial statements. The processes reviewed during external audit are those which would assist the auditor obtain evidence that the financial statements have been prepared fairly and are free from material misstatement. The set of financial statement consist of: Statement of financial position Statement of comprehensive income Statement of changes in equity Statement of cashflow Notes to financial statements 49 ASSURANCE 2.6 Reporting The format of external audit report is defined by statute which varies according to jurisdiction of different countries. However, many countries have adopted the format of International Federation of Accountants (IFAC). The audit report is normally addressed to shareholders of the entity. In addition to forming an opinion on financial statements, external auditors may also issue a management letter that points outs any control deficiencies noted in the course of auditing financial statements. 2.7 Fraud responsibility Auditors are responsible for planning and performing an audit to obtain reasonable assurance that the financial statements are free from material error and fraud. The concept of reasonable assurance, however, does not insure or guarantee that the financial statements are free from fraud. Misstatements in the financial statements can arise from either fraud or error. The distinguishing factor between fraud and error is whether the underlying action that results in the misstatement of the financial statements is intentional or unintentional. Although fraud is a broad legal concept, for the purposes of the auditor is concerned with fraud that causes a material misstatement in the financial statements. Two types of intentional misstatements that are relevant to the auditor include: Misstatements resulting from fraudulent financial reporting; and Misstatements resulting from misappropriation of assets. Although the auditor may suspect or, in rare cases, identify the occurrence of fraud, the auditor does not make legal determinations of whether fraud has actually occurred. 3 Comparison between internal and external auditing Internal and external auditing have both similarities and differences. The comparison is mainly done basing on scope of work, methodology, reporting and skills required to perform the work. 3.1 Similarities Both the external and internal auditor carry out testing routines and this may involve examining and analyzing many transactions using sampling. Both tend to be deeply involved in information systems and internal controls since this is a major element of managerial control as well as being fundamental to the financial reporting process. Both are based on a professional discipline and performed in accordance to professional standards. Both seek active co-operation between the two functions. Both are concerned with the occurrence and effect of errors and misstatement that affect the financial statements. 50 ASSURANCE Both produce formal audit reports on their activities. 3.2 Differences The differences may be summarised as follows: Internal audit External audit To consider if business practices are helping the business manage its risks and meet its strategic objectives- it can cover operational as well as financial matters. To consider whether the financial statements give a "true and fair view" and are in accordance with reporting framework. Internal auditors can be employed by the business or outsourced. While an accounting background is common, they can also come from other relevant backgrounds. of Internally in the light of business's risks and objectives. An outside firm of accountants who are Registered Auditors Purpose Resourcing Setting agenda Reporting Board audit committee Report presentation Tailored report about how the risks and objectives (of the business area being audited) are being managed. There is a focus on helping the business move forward - so expect there to be recommendations for improvement. Follow up needs By the audit firm based on their assessment of the risks of the accounts being materially misstated. Primarily to the shareholders (but also to management in the case of management letter) The main report is in a format required by International Auditing Standards and focuses on whether the accounts give a true and fair view and comply with legal requirements If other things come to light which the auditors think should be brought to management's attention they will be reported in a management letter. This will be agreed internally, but can There is no follow up requirement, until next year's include: Follow up to recommendations implemented. see have audit; when in planning the audit, whether past issues should be considered. been Consultative help to guide management's implementation of recommendations. Public availability the report of No Yes if it is a public entity or financial institution in the case of Malawi 51 ASSURANCE 4 Chapter summary A professional accountant provides different types of assurance services and in most cases such services are provided while he is either working as an internal auditor or external auditor. While there are similarities between internal auditing and external auditing, the differences between them are numerous. A professional accountant is able to acquire sufficient skill and knowledge to perform external auditing through accountancy studies. However, he may require additional skills and knowledge to work competently as an internal auditor. 5 End of chapter questions 5.1 Explain the role of internal audit is the management of an entity. 5.2 To what extent do internal auditors work overlap with that of external auditors? 5.3 An internal auditor needs to be an accountant. True or false? 5.4 What is the scope of external audit work? 52 ASSURANCE SECTION B: ASSURANCE IN PRACTICE 53 ASSURANCE CHAPTER 5: FINANCIAL STATEMENTS: AUDIT PLANNING Topic List 1. 2. 3. 4. 5. 6. Introduction; Planning and risk assessment; Materiality; Substantive audit procedures; Documentation; and Internal Controls. Learning Outcomes By the end of this chapter students should be able to: identify risks in the audit of financial statements; explain the concept of materiality and determine appropriate levels of materiality in the audit of financials statements; plan appropriate audit procedures; execute audit procedures and gather evidence; explain the importance of audit documentation; and explain the importance and impact of internal control on substantive testing. 54 ASSURANCE 5.1 Introduction The audit of financial statements involves several tasks and starts with planning an audit and performing relevant risk assessments. It then proceeds to the assessment of internal controls for the purposes of assessing whether or not they are strong and can be relied upon to reduce, and not necessarily eliminate, reliance on detailed substantive testing. After controls are tested detailed testing is then performed. In performing detailed testing, the Practitioner makes decisions of which audit evidence obtain, and whether it is sufficient and appropriate to support an audit opinion. Once the work is done the Practitioner performs adequate reviews of the work done in order to make an audit opinion on the financial statements. This is the reporting stage of the audit in which he considers subsequent events prior to releasing the report. These matters will be discussed in more detail below. A financial statement (or financial report) is a formal record of the financial activities and position of a business, person, or other entity. Financial information is presented in a manner that is easy to understand and typically include “primary statements”, accompanied by a management discussion and analysis, Primary statements include: 1. A balance sheet (statement of financial position) which reports on a company's assets, liabilities, and ownership equity at a given point in time. 2. An income statement, (statement of comprehensive income), also called a profit and loss account which reports on a company's income, expenses, and profits over a period of time. A profit and loss statement provides information on the operations of the enterprise including sales and the related expenses incurred during the reported period. 3. A statement of changes in equity, also known as equity statement or statement of retained earnings, reports on the changes in equity of the company during the reported period. 4. A statement of cash flows reports on a company's cash flow activities, particularly its operating, investing and financing activities. These statements may be complex and may include an extensive set of footnotes to the financial statements and management discussion and analysis. The notes typically describe each item on the balance sheet, income statement and cash flow statement in further detail. Notes to financial statements are considered an integral part of the financial statements. 5.2 Planning and risk assessment Several activities take place in the planning phase of an assurance assignment. The planning process begins with deciding whether or not to continue with an engagement assignment. If a decision is made to continue with an assurance engagement, a practitioner will proceed to obtain and update his understanding of the client. This understanding enables the assessment of the level of risk that exists in the audit. An understanding of risk levels leads to and involves the testing of internal controls and determination of what is significant and material to the financial statements which finally determines the testing strategy and detailed audit programs 55 ASSURANCE We will discuss these concepts in more detail in the rest of this chapter. (Engagement continuance, Understanding client, risk assessment and internal controls, materiality and testing strategy). 5.2.1 Obtaining an engagement Assurance firms obtain clients in various ways which may include advertising. In such circumstances the code of ethics gives the following guidance Accountants are generally permitted to advertise within certain professional guidelines. Accountants should not bring the profession into disrepute The account should be honest and truthful and should not o Make exaggerated claims for services offered, qualifications possessed and or experienced gained. o Make negative statements about other professionals and their work Accountants will often be invited to tender for new assignments. This is a process in which they provide a quotation for assurance services outlining the benefits of their firm and personnel this is done in competition with other firms which are tendering at the same time. 5.2.2 Reasons for change in assurance engagements There are various reasons why clients change assurance providers. Some of them include the following: Fee concerns o Fees may be perceived to be too high compared to the nature of the assignment or not competitive compared to what other firms can charge. o The assurance engagement may not be seen to add value to the client at the fee level being charged. Practitioner resignation o Due to ethical restrictions given in the code of conduct including, fee levels that exceed 15% of total practice fees, poor management integrity, conflict of interest due to provision of other services assurance or non-assurance services. o Due to auditing competing clients in the same market o Disagreement over accounting and other matters. Group audit arrangements o When there is group restructuring such as mergers and company take overs there likely to be changes in group auditors that may affect appointments of auditors or the assurance providers in the subsidiary or related companies. Auditor rotation may be a requirement in other markets or be a requirement of the client in question. 5.2.3 Engagement acceptance and continuance. The decision to continue an engagement involves various aspects including legal, and risk considerations. 56 ASSURANCE Legal considerations require compliance with applicable laws. In Malawi the Companies Act is applied to audit appointments and removals. The Act stipulates various requirements to be complied with in the appointment of auditors. These mainly relate to the need for auditors to be appointed by resolution in an annual general meeting and by directors where there is casual vacancy of auditors. There is also guidance on the removal of auditors. These detailed requirements are covered in chapter 3. 5.2.4 Engagement acceptance There are several procedures that take place before accepting nomination as auditors which includes the following: The auditor must ensure that there are no ethical, legal or technical barriers to acceptance of nomination. The auditor must ensure that the firm is and its members are professionally qualified to act in that capacity. The auditor must ensure that there are enough existing resources to serve the client. Resources include adequate skills of the audit team in response to the nature and complexity of the audit assignment. Where necessary the auditor may obtain the references of the company’s directors. In order to identify indicators of unethical behaviour, negative publicity or information regarding unusual lifestyles which do not match their level of earnings. The auditor will communicate with the previous auditor to enquire whether there are reasons or matters that he should know before and as he considers accepting his assignment. The communication from the previous auditor comes in the form of– a Professional Etiquette Letter. Anti-Money laundering procedures are required and this includes o Know your client (KYC) procedures which are required in order to have a comprehensive knowledge of the business of the client, sources of income and whether or not there are indicators of illegal activities. o Consideration of whether a potential client is a politically exposed person (PEP). A PEP increases reputational risk for the firm if the assignment is accepted. 5.2.5 Procedures after accepting nomination As part of procedures after accepting nomination the auditor will: Ensure that the outgoing auditor’s removal or resignation has been properly conducted in accordance with the Companies Act 1985. Verify the appointment of the new auditors to the resolution of the appropriate members’ general meeting. Set up an engagement letter that must be agreed before starting to act for the company. This lays out the basis for the service arrangement. Additional Procedures include the consideration of International Standard on Quality Control 1 (ISQC1) Issued by the International Auditing and Assurance Standards Board (IAASB). 57 ASSURANCE ISQC1 has the following requirements. The firm should establish policies and procedures for the acceptance and continuance of client relationships to ensure that it o Has considered client integrity o Is competent to the engagement and has adequate resources to do so o Can comply with ethical requirements The firm should thus o obtain relevant information, o identify relevant issues o if resolvable issues exist, resolve and document your resolution of matters 5.2.6 Appointment decision tree In summary the process that a practitioner should take is summarised in this appointment decision chart. 58 ASSURANCE 5.2.7 Agreeing terms of an engagement The terms of any assurance engagement are presented in an engagement letter. This letter helps to ensure that the expectations of both the practitioner and management are properly clarified. If an engagement letter is not sent to clients, both new and existing, there is a likelihood for misunderstanding and arguments regarding the respective responsibilities of the client and its 59 ASSURANCE directors and the auditors. Therefore the elements of an engagement should be discussed and agreed with management before it is sent to clients. Therefore the engagement letter is important because It defines clearly the extent of the auditor’s and management’s responsibilities over the audited matter. It minimise the misunderstandings between the auditor and the client management. It allows for confirming in writing any verbal agreements reached with client management. It limits the auditor’s liability for his opinion to the members of the company alone. 5.2.8 Contents of audit engagement letters ISA: Agreeing the terms of an audit engagement requires the auditor and management to agree on the terms of engagement which must be in writing usually in the form of an engagement letter. This should be sent to clients soon after appointment and for each subsequent engagement. The contents of the engagement letter should include the following: The objective of performing the audit, which is to give an opinion on the financial statements or subject matter. The scope of the audit, which is the subject matter or financial statements being audited. The reporting standards or framework used in preparing the financial statements. The responsibility of management for preparing the financial statements, choosing the correct reporting framework and implementing internal control The responsibility of the auditor Procedures or standards followed in performing the audit assurance assignment such as ISA requirements for planning, risk assessments and testing of the audit evidence. The final report containing the opinion of the auditor regarding whether the financial statements are prepared in accordance with the reporting framework and other relevant regulations. Other factors that could be included are o Extent of reliance on internal auditors o Basis of fees or fee amounts o Guidance on involvement of other auditors or experts o Restriction of auditor liability 60 ASSURANCE 5.2.9 Engagement letter extract Included below is an example of an audit engagement letter 14 March 20X5 The Directors ABC Limited P O Box 2020 New City Dear Sirs The purpose of this letter is to set out the basis on which A.N Auditor are to act as auditors of ABC Limited and to set out the respective areas of responsibility of the directors and of ourselves, Responsibilities of directors and auditors As directors of the Company, you are responsible for: ensuring that the Company keeps adequate accounting records; designing, implementing and maintaining internal control relevant to the preparation and presentation of financial statements that are free from material misstatement, whether due to fraud or error; selecting and applying appropriate accounting policies; making accounting estimates that are reasonable in the circumstances; preparing financial statements that present fairly the financial position, results of operations and cash flows of the Company in accordance with International Financial Reporting Standards (“IFRSs”) and in the manner required by the Companies Act (Cap 46:03); and You are also responsible for making available to us, as and when required, all the Company's accounting records, all other relevant records, including minutes of all management and shareholders' meetings, and information and explanations which we consider necessary for the performance of our duties as auditors. We have a statutory responsibility to report to the members of the Company whether in our opinion the financial statements present fairly, the financial position, results of operations and cash flows of the Company, in accordance with IFRSs and in the manner required by the Companies Act (Cap 46:03). In arriving at our opinion, we shall inter alia consider the following matters, and report on any in respect of which we are not satisfied: 61 ASSURANCE whether adequate accounting records have been kept by the Company; whether the annual financial statements are in agreement with the accounting records and returns; whether we have obtained all the information and explanations which we consider necessary for the purposes of our audit; Whether the information given in the annual report is consistent with the financial statements. Our professional responsibilities also include considering whether other information in documents containing audited financial statements is consistent with those financial statements. Scope of audit Our audit will be conducted in accordance with International Standards on Auditing (“ISAs”). These standards require that we comply with ethical requirements and plan and perform the audit to obtain reasonable assurance that the financial statements are free of material misstatement. The audit will include such tests of transactions and of the existence, ownership and valuation of assets and liabilities, as we consider necessary. Our audit will include examining, on a test basis, evidence supporting the amounts and disclosures in the financial statements, assessing the accounting principles used and significant estimates made by management in the preparation of the financial statements and evaluating the overall financial statement presentation. We shall expect to obtain such appropriate evidence as we consider sufficient to enable us to draw reasonable conclusions therefrom. The nature and extent of our procedures will vary according to our assessment of the Company's accounting system and, where we wish to place reliance on it, the internal financial control system. Detection of fraud, error and non-compliance with laws and regulations The primary responsibility for safeguarding the assets of the Company and the prevention and detection of fraud, error and non-compliance with laws or regulations rests with both those charged with governance of the Company and with management of the Company. It is the responsibility of those charged with governance of the Company to ensure, through oversight of management, that the Company establishes and maintains internal control to provide reasonable assurance with regard to the reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. It is the responsibility of management to establish a control environment and maintain policies and procedures to assist in achieving the objective of ensuring, as far as possible, the orderly and efficient conduct of the Company’s business. Our audit is planned and performed so that we have a reasonable, but not absolute, assurance of detecting material misstatements in the financial statements or accounting records, 62 ASSURANCE including any material misstatements resulting from fraud, error or non-compliance with laws or regulations. Reports to management An audit is not necessarily designed to identify all weaknesses in the Company's accounting and internal control systems. However, we shall report to management in writing following the audit those material weaknesses in the design or implementation of internal control over financial reporting that come to our notice during the course of our normal audit work and which, in our view, require management's attention Management representations The information used by the directors in preparing the financial statements will invariably include facts or judgements which are not themselves recorded in the accounting records. As part of our normal audit procedures, we shall request appropriate directors or senior officials to confirm to us in writing each year such facts or judgements and any other oral representations which we have received from them during the course of the audit on matters having a material effect on the financial statements. We will also ask them to confirm in that letter that all important and relevant information has been brought to our attention. In addition, we shall include in or attach to the representation letter a summary of unadjusted audit differences and request that management acknowledges that it has considered the financial statement misstatements brought to its attention by us and has concluded that any uncorrected misstatements are not material to the financial statements taken as a whole Other requirements In order to assist us with the examination of your financial statements, we shall request early sight of all documents or statements which are to be issued with the financial statements. We are also entitled to attend all general meetings of the Company and to receive notice of all such meetings. ISAs require that we read any annual report and other document that contains our audit opinion. The purpose of this procedure is to consider whether other information in the annual report, including the manner of its presentation, is materially inconsistent with information appearing in the financial statements. We assume no obligation to perform procedures to verify such other information as part of our audit. Once we have issued our report we have no further direct responsibility in relation to the financial statements for that financial year. However, we expect that you will inform us of any material event occurring between the date of our report and the date of issue of the financial statements, which may affect the financial statements. Preparation of financial statements We shall assist with the preparation of annual financial statements of the Company from information presented to us by the directors. Assistance with the preparation of financial 63 ASSURANCE statements does not form a part of the audit function, but we shall discuss the Company's accounting principles with you, particularly in any problem areas, and we may propose adjusting entries for your consideration. However, the directors' statutory responsibilities, for ensuring that the financial statements give a fair presentation of the state of affairs and results and cash flows of the Company in compliance with International Financial Reporting Standards, will continue. Other services We shall not be treated as having notice, for the purposes of our audit responsibilities, of information provided to employees of our firm other than those engaged on the audit for example information provided in connection with accounting, taxation and other services. Taxation services Income tax returns You have authorised us to act on your behalf in the preparation and submission to Inland Revenue Authority of your annual income tax return. Accordingly, for each year of assessment, we will prepare a computation of taxable income in accordance with the provisions of the Taxation Act, for incorporation into the Company’s annual income tax return. Income tax assessments We will check on your behalf all assessments received by us in respect of annual income tax returns, including additional or revised assessments. Where necessary, we will lodge objections and appeals against such assessments and will attend to any queries raised by Inland Revenue. Reporting to third parties (i.e. Liability limitation) Our audit opinion is intended for the benefit of those to whom it is addressed. The audit will not be planned or conducted in contemplation of reliance by any third party or with respect to any specific transaction. Therefore, items of possible interest to a third party will not be specifically addressed and matters may exist that would be assessed differently by a third party, possibly in connection with a specific transaction. There may be situations for example in relation to loan agreements, where a third party seeks to request us, in our capacity as auditors, to report to them. Any contractual arrangements between you and a third party which seek to impose such requirements upon us will not, as a matter of law, be binding on us. However, depending on the circumstances we may agree to provide reports to third parties, but not in our capacity as auditors. Any such possible requirements must be discussed with us at the earliest opportunity and well before the loan agreement or other arrangement is finalised. In this regard, however, it is our policy not to extend our duty of care in respect of our audit report in the financial statements. 64 ASSURANCE As noted above, our opinion will be prepared for and only for the Company’s members in accordance with the Companies Act (Cap 46:03) and for no other purpose. Fees Our fees are computed on the basis of the time spent on your affairs by our partners, directors and staff and on the levels of skill and responsibility involved. The fees will be subject to review by us each year and will vary with a number of factors including the extent of the assistance we receive from members of staff in preparing routine schedules and analyses. It is our usual practice to provide estimates of our fees in advance of the work commencing and we shall require payments on account as our work progresses. Applicable law The contract formed by this engagement letter when accepted by you shall be governed by, and construed in accordance with the Laws of Malawi. Acknowledgement and acceptance Once it has been agreed, this letter will remain effective, from one appointment to another, until an updated engagement letter replaces it. We shall be obliged if you will confirm in writing your agreement to the terms of this letter by signing one copy in the space provided and returning it to us. If you wish to discuss the terms of our appointment further before replying, please let us know. Yours faithfully A.N Auditor The terms of this engagement are accepted by _________________ who represents that he is authorised to accept these terms on behalf of: ABC Limited Signed: ...................................... (Name and position) Date: ...................................... 65 ASSURANCE 5.3.1 Planning and understanding the client. Planning the audit is a requirement of ISA 300: Planning an audit of financial statements. The objective of the auditor is to identify potential misstatements in the financial statements. This is achieved through understanding the entity and the environment in which it operates. This then enables the auditors to design the most appropriate audit approach and detailed procedures that address any risks that have been identified. The following is the guidance provided by the ISA 300: The auditor should plan the audit so that the engagement will be performed in an effective manner -ISA 300.2 Planning an audit involves establishing the overall audit strategy for the engagement and developing an audit plan, in order to reduce audit risk to an acceptably low level. Planning enables the engagement partner and other key members of the engagement team to benefit from their experience and insight and to enhance the effectiveness and efficiency of the planning process - ISA 300.3 The approach to planning can be summarised in discussing why planning is important, what to specifically understand, and lastly how to go about performing specific planning procedures. 5.3.2 Importance of planning It ensures that the auditor has a higher chance of identifying misstatements in the financial statements. It increases audit efficiency and effectiveness, and enables the conduct of a quality audit. It reduces audit risk through the adoption of a right approach to respective audit assignments. It ensures that the auditor maintains an attitude of professional scepticism during the audit. Therefore proper audit planning enables the conduct an effective, efficient and quality audit through: Ensuring that potential problems are identified (through the risk assessment process). Ensuring that appropriate attention is devoted to the different areas of the audit. Ensuring that audit work is assigned properly to the team members and facilitates review. 5.3.3 What items the auditor will seek to understand The following are what auditors will seek to gain an understanding on. - An update of the knowledge of the client - ISA 310 Knowledge of the business. Competitive environment (market position, and SWOT analysis) Regulatory and macro-economic environment 66 ASSURANCE Strategy, goals and objectives (profitability, volumes, product portfolio and marketing) Value creation (innovation, supply chain, brands, customers and people) - Risk assessment (both audit and business risk), and determination of levels of materiality. - Preparation of the detailed audit approach and audit plan. - Decision on administrative matters like budgets, staffing and logistical issues. 5.3.4 Methods of gathering planning information Gathering planning information can be performed through: Inquiries of management and others within the organisation Analytical procedures Observation and inspection Knowledge and experience from prior periods called cumulative audit knowledge and experience Discussions of key audit areas within the audit team. These planning procedures will help the auditors implement a plan at two levels as follows: Develop an overall audit strategy which sets the overall direction for the audit, and describes the expected scope and conduct of the audit and provides guidance for the development of the detailed audit procedures or procedures. Developing detailed audit procedures also called the audit plan or audit program. These are a set of detailed instructions to the audit team that explains the audit procedures to be performed and may include references to other matters such as audit objectives, timing, sample sizes and basis of selection for each financials statement area being audited. 5.3.4 General and administrative planning The final area of planning is that of administrative or logistical matters as follows: 5.3.4.1 Logistics Audit staff - Whether staff is available with correct level of qualification and experience. - Whether there is a need for staff with special skills (systems, language) - Relationship with other audit staff and audit client. - Travel logistics Audit client preferences - Continuity of audit staff on teams serving the client. 67 ASSURANCE Locations of the audit - Distance for audit staff to travel and need for mobility between sites. - Location of multiple sites and a decision on which to visit. - Location of engagement leader and manager. Key audit dates - Inventory count, main audit visit, manager and partner review, audit report and clearance meeting with client, AGM. 5.3.5 Timing and budgets Time budgets should be accurate and well communicated to the audit team. Budgets to be based on prior year actual time records, risk and materiality considerations. 5.3.6 Use of IT Whether client is computerised and the auditors need to use CAATs. Whether audit working papers will be electronic and auditors have laptops. Whether audit work will be reviewed on site and devises for replication are available. 5.4 Assessing risk and determining materiality Assessment of risk on an audit assists the auditor to identify areas that are more susceptible to a material misstatement and helps the audit design appropriate audit procedures that respond to identified risks. Risk exists for both the auditor and the business as audit and business risk respectively. 5.4.4 Audit risk Audit risk is the risk that the audit will not meet the objective of the audit of giving an appropriate opinion on the financial statements. In other words audit risk is the risk that an auditor will give an inappropriate audit opinion on the financial statements. Audit risk increases the likelihood that the auditor may suffer loss as a result of giving an inappropriate opinion. Loss can occur through damage to his reputation and the resulting loss of business and loss from monetary compensation arising out of litigation. All audits therefore involve risk and the greater part of the engagement comprise of work to deal with this risk. The profession has responded to audit risk by developing a set of ISAs that are classified as ‘The Risk Standards’ whose objective are to improve audit quality by helping the auditor to maintain an attitude of professional scepticism and also focus more on areas where there is a greater risk of material misstatements to the financial statement this is called the “Audit risk Approach”. 68 ASSURANCE 5.4.5 Components of Audit risk Audit risk has various components namely inherent, control and detection risk 5.4.5.1 Inherent Risk: is risk that arises due to the very nature of the transaction or account balance. It is also described as “the susceptibility of an account balance or class of transactions to a material misstatement, irrespective of related internal controls”. It is the risk that requires auditors to use all available knowledge and their cumulative audit knowledge on the client. Factors to consider in assessing inherent risk are as follows: a) Factors relating to the client business as a whole - Integrity and attitude to risk of directors and management. - The professional qualifications and experience of management experience. - The Nature of business: businesses sensitive to the effects of technological changes and overdependence on few individuals can increase risk. - Industry factors such as highly competitive conditions, stringent regulatory requirements and rapid changes in customer preferences as in the fashion and food industry. b) Factors affecting individual account balances or transactions - Accounts and balances that require significant judgement and high levels of estimation or with history of significant adjustments in prior years. - Complex accounts that require expert valuations. - Assets that are prone to misappropriation: e.g. cash and portable valuable items. - Quality of accounting systems and controls over different cycles of the financial statements. - Staff issues: High staff turnover and normal changes of responsible staff or low staff motivation. - High volume and unusual transactions. 5.4.5.2 Control Risk: is the risk that a misstatement could occur in an account balance or class of transaction and could be material either individually or when aggregated with misstatements in other balances or classes and that would not be prevented, or detected and corrected on a timely basis, by the accounting and internal control system. Control risk is the risk that client’s controls fail to detect a material misstatement. The auditor must make a preliminary assessment of control risk at the planning stage and subsequently perform tests of controls to determine the level of reliance that can be placed on controls to reduce the requirement for detailed substantive tests. 69 ASSURANCE 5.4.5.3 Detection Risk: is the risk that the auditors’ substantive procedures do not detect a misstatement that exists in an account balance or class of transactions that could be material, either individually or when aggregated with misstatements in other balances or classes. Detection risk increases due to the fact that auditors do not test all evidence but rely on conclusions drawn from tests performed on samples which may not properly selected. 5.4.6 Impact on the audit The auditors’ assessment of inherent and control risk will influence the nature, timing and extent of substantive audit procedures required to reduce detection risk to and acceptably low level and hence reduce audit risk. 5.5 Business risk Business risk is the risk inherent in a company’s operations and is a risk at all levels of operations. Business risks are supposed to be managed properly to ensure that the company continues to exist. Most companies have a risk management framework whose elements include: - Identification of significant risks which could prevent the business from achieving its objectives. - Provision of a framework to ensure that the business can meet its objectives. - Regular reviews of the business objectives and framework to ensure that objectives are met. 5.5.4 Components of business risk Business risk has three components namely, financial, operational and operational risk. 5.5.4.1 Financial Risk: is the risk arising from the financial activities or financial consequences of operations e.g. cash flow issues or overtrading. 5.5.4.2 Operational Risk: the risk arising with regard to business operations e.g. on relationships with suppliers and customers like where a major customer or supplier is lost. 5.5.4.3 Compliance Risk: risk arising from non-compliance with laws and regulations that affect the business. 5.5.5 Impact of business risk on audit risk Business risks may increase and result in a material misstatement at a transaction and account balance or even at the financial statement level. This can occur due to increased inherent or control risks. If these risks are not detected by the auditor and he fails to obtain sufficient and appropriate evidence on these risky areas, the auditor is more likely to give an inappropriate opinion on the financial statement hence resulting in “audit risk”. Examples of this inter-relationship are as follows: 70 ASSURANCE - The financial business risk of overtrading would lead to failure to recover debtors, this would mean that debtors are impaired and hence an inherent audit risk lies over the valuation of debtors. - An operational business risk of loss of customers would cause the impairment of the fixed assets used to produce the trade products; this would translate into inherent audit risk over asset valuation. - A compliance business risk arising from non-compliance with laws and regulations would require provisions in the financial statements for possible penalties and fines. If the provisions are no made, an audit risk arises over completeness of liabilities (unrecorded liabilities). 5.5.1 Materiality The concept of materiality relates to items that are significant to the users of the financial statements. An item is said to be material if it can influence the decision of users or decision makers of the financial statements. Materiality is therefore an expression of the relative significance or importance of a particular matter in the context of the financial statements as a whole. All audit matters are attended to and evaluated with reference to whether they are material or not and helps auditors to decide on: How many and what items to test. The selection basis to be used i.e. whether to use sampling or not. The level of error that is acceptable, beyond which a qualified opinion would be issued. 5.5.2 Impact of materiality on audit risk Materiality impacts audit risk because it determines which risks are significant enough for the audit to consider in his planning procedures. The auditor make this determination in application of the guidance given by ISA 320 which requires that “The auditor should consider materiality and its relationship with audit risk when conducting an audit”. 5.5.3 Criteria for materiality There are various factors that determine materiality and consideration should always be made of the nature and circumstances of the company being audited and the needs of the intended user of the financial statements. Once materiality is determines the auditor should maintain his professional scepticism during the conduct of the audit and continuously evaluate the appropriateness of the materiality level set during planning in the light of new evidence coming to light during the performance of the audit work. 71 ASSURANCE 5.5.4 Impact of revision to materiality levels Where overall materiality has been revised in light of new information it can result in more or less audit procedures if the level is lower or higher as appropriate. Where the level is higher the work already done by the audit team will be sufficient because the performance materiality used will be much lower than the revised level that is determined. However where the materiality level is lower than originally planned, the auditor must determine whether the performance materiality has significantly changed that it requires changing to a lower level. Where this decision is made to reduce the level of performance materiality a conclusion is required on the file of whether or not the extent nature and timing of audit procedures is still considered appropriate. In general the auditor is required, by ISA 320, to document the following regarding materiality The level of materiality determined for the financial statements as a whole(overall materiality) Materiality levels for particular classes of transactions account balances or disclosures if applicable The level of performance materiality Any revision to the levels of materiality during the course of the audit. The criteria that determine materiality include nature, value and impact of items under consideration. This is because materiality has qualitative aspects so that while some misstatements may fall under the determined benchmarks, they may still be material based on their nature. Nature: Some items will by their nature affect the readers of the financial statement e.g. transactions with directors, such as their remuneration and contracts with the company. Value: some items will be material to the financial statement by virtue of their value, e.g. sales for actively trading clients. Impact: some items are by chance of such a nature which has a significant impact on the financial statement, e.g. an adjustment journal that changes a reported loss to a profit. Other examples include items required for disclosure under local laws or accounting framework, key disclosures that are required in certain industries, such as earnings per share, and particular areas of focus by users of financial statements. 72 ASSURANCE 5.5.5 Levels of materiality Materiality is determined at the overall, performance and de-minis level. 1. Overall materiality This is the level of materiality at the overall financial statements level, such that the cumulative uncorrected errors and the effects of other misstatements would lead to a qualified opinion if they fall above the overall materiality level. 2. Performance materiality This is the level of materiality at the assertion or individual account balance or class of transactions level. It enables the auditor to decide such questions as what items to examine and “perform” audit procedures on, hence the word “performance” materiality. It also helps the auditor determine the type of audit procedures to perform In order to reduce audit risk to an acceptably low level. 3. De-minimus materiality This is an amount below which potential audit adjustments do not to be accumulated and corrected in the financial statements. All errors below this level are simply posted to a summary of uncorrected misstatements. In determining the de minimus posting level, professional judgment is needed. The factors that should be considered include: The number and amount of prior years’ audit differences, adjusted or unadjusted; Results of our risk assessment; and Client expectations Percentage guidelines also called “rules of thumb” are sometimes used to determine the levels of materiality, the generally accepted guidelines are as follows: For profit oriented companies, overall materiality can be set at 5% of PBT from continuing operations. For companies with a high asset backing (asset based), overall materiality can be set at 5% of net asset. For mutual funds and pension schemes, overall materiality can be set at 0.5% of net assets. For not for profit making organisations, overall materiality can be set at 1% of total expenses. Performance materiality can vary between 75% down to 50% % of overall materiality. The SUM-de-Minimus materiality can be set at 5% of the overall materiality. 73 ASSURANCE ISA 320.2 “If management refuses to adjust the financial statements and the results of extended audit procedures do not enable the auditor to conclude that the aggregate of uncorrected misstatements is not material, the auditor should consider the appropriate modification to the auditor’s report in accordance with ISA 700, "The Auditor’s Report on Financial Statements”” - ISA 320.15. 5.6.1 Audit Evidence Audit evidence is all the information used by the auditor in arriving at conclusions that support the audit opinion. Audit evidence therefore enables the auditor to express his audit opinion which is the objective of the audit process. Audit evidence is contained in the accounting records of the entity and also in information obtained independently by the auditors. 5.6.2 Quality of audit evidence Audit evidence should be of adequate quality to serve as a basis for the audit opinion. The quality of evidence is measured by sufficiency and effectiveness. Sufficiency is a measure of the quantity of audit evidence Appropriateness is a measure of quality and reliability of audit evidence Sufficiency is affected by the assessment of inherent, control and detection risk at both the financial statement and assertion levels. It can also be affected by: materiality of the item being examined, the auditor’s prior experience with the audit section and knowledge of the client and industry, the results of other audit procedures that provide corroborative evidence and the source and reliability of the evidence, and; the nature of accounting and internal control systems. Appropriateness is a measure of quality, relevance and reliability of audit evidence. Relevance is a measure of how well the evidence relates the objective of the audit procedures being performed. It is a measure of how well the procedure impacts the test objective. The following factors affect the quality and reliability of evidence: Evidence obtained from external sources is more reliable than evidence obtained from the entity (e.g. confirmations). Evidence obtained independently or directly by auditors’ is more reliable than evidence generated by the entity. Documentary evidence is more reliable than oral evidence obtained from the entity. 74 ASSURANCE Evidence obtained from the entity’s own records is more reliable only when related controls are effective. Original documents are more reliable that electronic or hard copies of the evidence. 5.6.3 Use of work of management’s experts A management expert is a person or firm possessing specialist skill, knowledge and experience in a particular field other than accounting or audit whose work is used in the preparation of financial statements. Auditors would depend on the work of an expert in all cases where their professional knowledge is limited to allow them to obtain evidence regarding a particular area of the audit. ISA 500: Audit Evidence requires that if information to be used as audit evidence has been prepared by a management's expert, the auditor must evaluate the competence, capabilities and objectivity of the expert, obtain an understanding of the work done, and evaluate the appropriateness of the work done as audit evidence. 5.6.4 Use of management’s evidence If information produced by the entity is to be used by the auditor, the auditor needs to evaluate whether it is sufficiently reliable for the auditor's purposes, including obtaining audit evidence regarding its accuracy and completeness, and evaluating whether it is sufficiently precise and detailed. 5.6.5 Audit Assertions The auditor should design appropriate substantive procedures to obtain AE about financial statement assertions. The assertions are the representations of the directors that are embodied in the Financial Statements, these are: Assertions about classes of transactions and events for the period under audit include: Occurrence: transactions and events that have been recorded have occurred and pertain to the entity Completeness: all transactions and events that should have been recorded have been recorded Accuracy: amounts and data on recorded transactions and events have been recorded accurately Cut-off: transactions and events have been recorded in the correct accounting period Classification: transactions and events have been recorded in the proper accounts Assertions about account balances at the period end include Existence: assets, liabilities and equity interests exist Rights and obligations: the entity has rights to assets and obligations over liabilities shown. Completeness: all assets, liabilities and equity interests of the entity have been recorded. 75 ASSURANCE Valuation and allocation: assets, liabilities and equity interests are included the Financial Statements at appropriate. amounts Assertions about presentation and disclosure include Occurrence and rights and obligations: disclosed events, transactions, and other matters have occurred and pertain to the entity Completeness: all disclosures that should have been included in the Financial Statements have been included Classification and understandability: financial information is appropriately presented and described and disclosures are clearly expressed Accuracy and valuation: financial and other information are disclosed fairly and at appropriate amounts 5.6.6 Types of audit procedure Various methods can be used to obtain audit evidence including inspection, observation, inquiry and confirmation, recalculation, performance and analytical procedures. The auditor can also obtain evidence using some computer assisted auditing techniques (CAATS) when they are auditing a systems environment where the volume of transactions is high. Examples are discussed below. 5.6.7 Data analytic software Data analytic software (sometimes called audit software) will perform automatic checks on client’s data that are traditionally performed manually by the auditor; the most common software is the interrogation software which allows the auditor to access the client’s data files and import them into his computer for his analysis. 5.6.8 Audit test data Audit test data is used to test whether systems are processing transactions correctly by allowing the auditor to evaluate the processing of the data against pre-calculated processing results. This can also be used to test system controls over the processing of invalid data. Using test data will necessitate the correction of data files to avoid the corruption of the system. 5.6.9 Embedded audit software This comprise of audit modules that are incorporated into the client’s system to facilitate audit review over data processing at the posting or execution. This is more effective than the use of test data whose results can be manipulated easily by IT experts. 5.7 Substantive Audit Procedures Auditors need to obtain sufficient appropriate audit evidence to support the financial statement assertions. Substantive procedures can be used to obtain that evidence. 76 ASSURANCE 5.7.1 Types of audit tests Substantive procedures are tests to obtain audit evidence to detect material misstatements in the financial statements. They are generally of two types: Analytical procedures Tests of detail of transactions, account balances and disclosures The types of substantive tests carried out to obtain evidence about various financial statement assertions are outlined in the table below. Audit assertion Type of assertion Completeness Classes of transactions Account balances Presentation and disclosure Rights and obligations Account balances Presentation and disclosure. Valuation and allocation Account balances Presentation and disclosure Existence Account balances Occurrence Classes of transactions Presentation and Disclosure Accuracy Classes of transactions Presentation and disclosure Classification understandability Cut-off and Classes of transactions Presentation and Disclosure Classes of transactions Audit tests (a) Review of post year-end items (b) Cut-off testing (c) Analytical review (d) Confirmations (e) Reconciliations to control accounts (a) Reviewing invoices for proof that item belongs to the company (b) Confirmations with third parties (a) Matching amounts to invoices (b) Recalculation (c) Confirming accounting policy is consistent and reasonable (d) Review of post year-end payments and invoices (e) Expert valuation (a) Physical verification (b) Third party confirmations (c) Cut-off testing (a) Inspection of supporting documentation (b) Confirmation from directors that transactions relate to business (c) Inspection of items purchased (a) Recalculation of correct amounts (b) Third party confirmation (c) Analytical review Presentation and disclosure (a) Confirming compliance with law and accounting standards (b) Reviewing notes for understandability (a) Cut-off testing (b) Analytical review The auditor may use the following model for drawing up an audit plan: 77 ASSURANCE Agree opening balances with previous year's working papers Review general ledger for unusual records Agree client schedules to/from accounting records to ensure completeness Carry out analytical review Test transactions in detail Test balances in detail Review presentation and disclosure in accounts 5.7.2 Directional testing For any item that is being tested there are two possibilities. It could be fairly stated or misstated. There are also two possibilities of misstatement. It could either be overstated or understated. Testing for overstatement or understatement determines the direction in which audit evidence is obtained, either from the accounting records to supporting documentation from third parties or from outside the entity (third party documentation) to the accounting records. There are tests designed to uncover each type of misstatement. There are tests to discover omissions hence understatement and tests to discover errors, which result in both over and understatement. Directional testing draws from the principle of double entry allowing the auditor to draw conclusions not only of debit or credit items being directly tested but also about their corresponding entries i.e. testing an asset for overstatements provides comfort over the corresponding liability account. 5.7.2.1 Tests to discover omissions or understatements These tests are designed to start from an independent /third party or outside source which are then matched to the entity’s records to ensure everything has been fully recorded. 5.7.2.2 Tests to discover errors (both overstatements and understatements) These tests are designed to start from accounting records which are matched to the third party or independent information. Such tests should detect any overstatement and also any understatement through causes other than omission. 5.7.3 General Procedures to obtain evidence As discussed in earlier chapters assurance providers obtain evidence by one or more of the following procedures 5.7.3.1 Inspection of Records or Documents Inspection consists of examining records or documents, whether internal or external, in paper form, electronic form, or other media. Inspection of records and documents provides audit evidence of varying degrees of reliability, depending on their nature and source and, in the case of internal records and documents, on the effectiveness of the controls over their 78 ASSURANCE production. An example of inspection used as a test of controls is inspection of records or documents for evidence of authorization. Some documents represent direct audit evidence of the existence of an asset, for example, a document constituting a financial instrument such as a stock or bond. Inspection of such documents may not necessarily provide audit evidence about ownership or value. In addition, inspecting an executed contract may provide audit evidence relevant to the entity’s application of accounting policies, such as revenue recognition. 5.7.3.2 Inspection of Tangible Assets Inspection of tangible assets consists of physical examination of the assets. Inspection of tangible assets may provide reliable audit evidence with respect to their existence, but not necessarily about the entity’s rights and obligations or the valuation of the assets. 5.7.3.3 Observation Observation consists of looking at a process or procedure being performed by others. Examples include observation of the counting of inventories by the entity’s personnel and observation of the performance of control activities, e.g. wages pay-out. Observation provides audit evidence about the performance of a process or procedure, but is limited to the point in time at which the observation takes place and by the fact that the act of being observed may affect how the process or procedure is performed. 5.7.3.4 Inquiry Inquiry consists of seeking information from knowledgeable persons, both financial and nonfinancial, throughout the entity or outside the entity. Inquiry is an audit procedure that is used extensively throughout the audit and often is complementary to performing other audit procedures. Inquiry alone ordinarily does not provide sufficient audit evidence to detect a material misstatement at the assertion level nor is it sufficient to test the operating effectiveness of controls. Inquiries may range from formal written inquiries to informal oral inquiries. Evaluating responses to inquiries is an integral part of the inquiry process. Responses to inquiries may provide the auditor with information not previously possessed or with corroborative audit evidence. Alternatively, responses might provide information that differs significantly from other information that the auditor has obtained. In some cases, responses to inquiries provide a basis for the auditor to modify or perform additional audit procedures. Although corroboration of evidence obtained through inquiry is often of particular importance, in the case of inquiries about management intent, the information available to support management’s intent may be limited. In these cases, understanding management’s past history of carrying out its stated intentions with respect to assets or liabilities, management’s stated reasons for choosing a particular course of action, and management’s 79 ASSURANCE ability to pursue a specific course of action may provide relevant information about management’s intent. In respect of some matters, the auditor obtains written representations from management to confirm responses to oral inquiries. For example, the auditor ordinarily obtains written representations from management on material matters when other sufficient appropriate audit evidence cannot reasonably be expected to exist or when the other audit evidence obtained is of a lower quality. 5.7.3.5 Confirmation Confirmation, which is a specific type of inquiry, is the process of obtaining a representation of information or of an existing condition directly from a third party. For example, the auditor may seek direct confirmation of receivables and bank balances by communication with debtors and banks respectively. Confirmations are frequently used in relation to account balances and their components, but need not be restricted to these items. For example, the auditor may request confirmation of the terms of agreements or transactions an entity has with third parties; the confirmation request is designed to ask if any modifications have been made to the agreement and, if so, what the relevant details are. Confirmations also are used to obtain audit evidence about the absence of certain conditions, for example, the absence of a condition that may influence revenue recognition. 5.7.3.6 Recalculation Recalculation consists of checking the mathematical accuracy of documents or records. Recalculation can be performed through the use of information technology, for example, by obtaining an electronic file from the entity and using CAATs to check the accuracy of the summarization of the file. 5.7.3.7 Reperformance Reperformance is the auditor’s independent execution of procedures or controls that were originally performed as part of the entity’s internal control, either manually or through the use of CAATs, for example, reperforming the ageing of accounts receivable. 5.7.4 Analytical Procedures Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and non-financial data. Analytical procedures also encompass the investigation of identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts. A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to exist and continue in the absence of conditions to the contrary. The basic question that AR answers is whether the information in the accounting records is consistent with the auditor’s prior expectation. 80 ASSURANCE Use of AR is based on the following factors: plausibility and predictability of relationships, the availability and relevance of information, the comparability of information, and the auditor’s cumulative audit knowledge and experience (CAKE). ISA 520: Analytical Procedures gives more detail on the use of analytical procedures as a substantive or detailed audit procedure. Analytical procedures are used at all stages of the audit, planning, verification phase as substantive procedures and the completion phase as a final “sense check” of whether there are inconsistencies in audit evidence. When using analytical procedures as substantive tests, auditors must consider the information available, assessing its availability, relevance and comparability. 5.7.5 Timing of analytical reviews Analytical review will be applied throughout the audit stages with specific objectives: 1. Analytics in the planning stage also called “Risk assessment analytics” or “Planning analytics” Applied at the planning stage of the audit and used to identify areas of potential audit risk or where changes to the business have occurred. This enables the auditor to plan his audit procedures appropriately to reduce audit risk. 2. Substantive analytics Substantive analytical procedures play an important part in a risk-based audit approach. Their purpose is to obtain assurance, in combination with other audit testing (such as tests of controls and substantive tests of details), with respect to one or more financial statement assertions for one or more audit areas. Properly designed and executed, substantive analytical procedures can allow us to achieve audit objectives more efficiently by reducing or replacing other detailed audit testing. 3. Final analytics ISAs require the use of final analytical procedures in the final review stage of the audit when forming an overall conclusion as to whether the financial statements as a whole are consistent with our understanding of the business. This acts as a test of the appropriateness and sufficiency of audit evidence obtained, in that any significant differences from the auditor’s expectation must already be explained by the audit evidence obtained. 5.7.6 Stages in analytical review 1. Development of an independent expectation An independent expectation of the value of an account balance or class of transactions’ value is developed from the auditors’ knowledge of client’s business and other external sources. 81 ASSURANCE 2. Define significant difference or threshold A threshold for further investigation is established to guide the auditor to areas where results are materially different from his expectation and require further tests before audit comfort is obtained. This is usually set at the level set for the planning materiality. 3. Compute difference from expectation Involves comparison of the reported figures to the auditor’s expectation and a check if differences from expectation are within the threshold. 4. Investigation of significant differences and drawing audit conclusions Differences from the auditor’s expectations are investigated and where appropriate substantive tests are conducted to ensure that all significant differences from the auditor’s expectation are fully supported by audit evidence and audit comfort is obtained. 5.7.7 Types of analytical review 1. Trend analysis 2. Ratio analysis 3. Reasonableness testing 4. Regression analysis 5. Scanning analytics When using analytical procedures the following factors should be considered: Determine the objective of analytical procedures Suitability of the procedure and Reliability of information used. These factors are further considered below Factor Considerations Suitability Analytical procedures will be more suited to large volumes of transactions that are generally predictable. The objective of analytics can be to provide persuasive evidence or to only corroborate other procedures. Analytics will consider if there are other tests for the same assertions or transactions being tested. Analytics consider the level risk associated with the assertion being tested. Reliability of Consider whether information is internal or external to the client information used Consider if information is comparable to perform the analytic Consider the nature and type of information used, such as budgets, whether they are realistic and are based on stringent review process. Consider controls around the preparation of information to ensure accuracy completion and validity. Precision Consider the accuracy or precision of the conclusions that the user wants to derive from the procedure. Acceptable This relates to the level of error in the audit procedures that the client difference can tolerate 82 ASSURANCE 5.7.8 Auditing accounting estimates Most financial statements will have estimated figures by management. These include depreciation, product warranty/guarantee, various provisions for o obsolete inventory, o bad debtors o Legal costs o Impairment of investments. Estimates will require significant management judgement as opposed to being based on invoices or other third party information. There is therefore a risk that management may be biased in making their estimates. The duty of the auditor is to understand and question the validity of the judgements made by management. The auditor will therefore test the management process, use an independent estimate and review subsequent events Method Test the process used by management to estimate the figure and the data it is based on Example In determining a doubtful debt provision the auditor should: Considering past experience Reviewing calculations Consider factors that may have changed in the current year that affect the estimate Use of point estimate The auditor may use an available or proprietary model or introduce different assumptions or engage specialists to develop a model. A management's point estimate is the amount selected by management for recognition or disclosure in the financial statements as an accounting estimate. An auditor's point estimate or auditor's range is the amount, or range of amounts, respectively, derived from audit evidence for use in evaluating management's point estimate. Review events after the period end up to Final outcomes after the year end help the the date of reporting auditor to amend the provisions made before year end and avoids using point estimates Test effectiveness of controls over the Strong controls over determination of the process of determining the estimates estimate help to ensure that there are no major errors in the estimates made by management. 83 ASSURANCE 5.7.9 Risk Assessment procedures ISA 540: Audit of accounting estimates requires the auditor to obtain an understanding of the following to provide a basis for the identification and assessment of the risks of material misstatement for accounting estimates: The requirements of the applicable financial reporting framework How management identifies those transactions, events and conditions that may give rise to the need for accounting estimates How management makes the accounting estimates and an understanding of the data on which they are based including: – Method – Relevant controls – Assumptions – Whether change from prior period in method used – Whether management has assessed the effect of estimation uncertainty The ISA also states that the auditor shall review the outcome of accounting estimates included in the prior period. Risk identification and assessment The auditor shall also evaluate the degree of estimation uncertainty associated with an accounting estimate. Where estimation uncertainty is assessed as high, the auditor shall determine whether these give rise to significant risks. The ISA requires the auditor to perform one or more of the following: Determine whether events occurring up to the date of the auditor's report provide audit evidence regarding the accounting estimate. Test how management made the accounting estimate and the data on which it is based. Test the operating effectiveness of controls over how the accounting estimate was made. Develop a point estimate or a range to evaluate management's point estimate. Substantive procedures in response to significant risks Where the auditor judges that the accounting estimate gives rise to a significant risk, he shall evaluate the following in accordance with ISA 540: How management has considered alternative assumptions and why these have been rejected Whether the assumptions used are reasonable Management's intent to carry out specific courses of action and its ability to do so If the auditor considers that management has not adequately addressed the effects of estimation uncertainty on accounting estimates that give rise to significant risks, he shall, if necessary, develop a range with which to evaluate the reasonableness of the accounting estimate. 84 ASSURANCE 5.8 Audit sampling Audit sampling is the application of auditing procedures to a representative group of less than 100% of the items within an account balance or class of transactions (or subset of either) for the purpose of evaluating some characteristic of the entire balance or class (or population tested). Sampling is done in such a way that all sampling units have an equal chance of selection. Audit sampling can be applied using either statistical or non-statistical methods. The population is the entire set of data from which a sample is selected and about which the auditor wishes to draw conclusions. Auditors do not normally examine all the information available to them as it would be impractical to do so and using audit sampling will produce valid conclusions. ISA 530 Audit sampling provides guidance to auditors. Some testing procedures do not involve sampling, such as: Testing 100% of items in a population Testing all items with a certain characteristic as selection is not representative Auditors are unlikely to test 100% of items when carrying out tests of controls, but 100% testing may be appropriate for certain substantive procedures. For example, if the population is made up of a small number of high value items, there is a high risk of material misstatement and other means do not provide sufficient appropriate audit evidence, then 100% examination may be appropriate. Audit sampling can be done using either statistical sampling or non-statistical sampling methods. Statistical sampling is an approach to sampling that involves random selection of the sample items, and the use of probability theory to evaluate sample results, including measurement of sampling risk. Non-statistical sampling is a sampling approach that does not have these characteristics. So, bearing in mind the definitions above, sampling is non-statistical when it does not meet the criteria required of statistical sampling. If each item of the population does not have an equal chance of selection, the sampling technique is non-statistical. The difference between the two types of sampling is that, with statistical sampling, the sampling risk can be measured and controlled (we look at sampling risk in Section 3.2). With non-statistical sampling it cannot be measured. Although the audit procedures performed on the items in the sample will be the same, whether a statistical or non-statistical approach is used, meaningful extrapolation can only occur from a statistical sample which has been selected randomly. The auditor may alternatively select certain items from a population because of specific characteristics they possess. The results of items selected in this non-statistical way cannot be 85 ASSURANCE projected onto the whole population but may be used in conjunction with other audit evidence concerning the rest of the population. High value or key items. The auditor may select high value items or items that are suspicious, unusual or prone to error. All items over a certain amount. Selecting items this way may mean a large proportion of the population can be verified by testing a few items. Items to obtain information about the client's business, the nature of transactions, or the client's accounting and control systems. Items to test procedures, to see whether particular procedures are being performed. 5.8.1 Design of the sample Sampling risk is the risk that the conclusions drawn from our audit sample testing might be different from those that would have been reached if the auditing procedure were applied to all the items in the account or population. There are two types of sampling risk: 1. The risk that we will conclude, in the case of a test of control, that control risk is lower than it actually is, or in the case of a substantive test, that a material error does not exist when in fact it does. This type of risk affects audit effectiveness and is more likely to lead to an inappropriate audit opinion; and 2. The risk that we will conclude, in the case of a test of control, that control risk is higher than it actually is, or in the case of a substantive test, that a material error exists when in fact it does not. This type of risk affects audit efficiency as it would usually lead to additional work to establish that initial conclusions were incorrect. Non-sampling risk arises from factors that cause the auditor to reach an erroneous conclusion for any reason not related to the size of the sample. For example, the use of inappropriate audit procedures, or misinterpretation of audit evidence and failure to recognise a misstatement or deviation. Sampling unit is the individual items constituting a population. It may be a physical item (e.g. credit entries on bank statements, sales invoices, receivables' balances) or a monetary unit. Stratification is the process of dividing a population into sub-populations, each of which is a group of sampling units which have similar characteristics, often monetary value. The auditor must consider the purpose of the audit procedure when designing an audit sample. The auditor must also consider the characteristics of the population. When considering the characteristics of the population, the auditor might determine that stratification or value-weighted selection is appropriate. The auditor must design a sample size sufficient to reduce sampling risk to an acceptably low level. 86 ASSURANCE Sampling risk can lead to two types of erroneous conclusions: for tests of controls, that they are more effective that they actually are or for tests of details, that a material misstatement does not exist when it actually does; and for tests of controls, that controls are less effective than they actually are or for tests of details, that a material misstatement exists when it actually does not. The lower the risk the auditor is willing to accept, the greater the sample size will need to be. Sample size can be determined using a statistically-based formula or through the use of judgement. ISA 530 also requires the auditor to select items for the sample in such a way that each sampling unit in the population has a chance of selection. When statistical sampling is used, each sampling unit has a known probability of being selected. When non-statistical sampling is used, judgement is applied. However, it is important that the auditor selects a representative sample, free from bias, by choosing sample items that have characteristics typical of the population. The main methods of selecting samples are random selection, systematic selection and haphazard selection. We discuss these and other methods below. a) Random selection ensures that all items in the population have an equal chance of selection, e.g. by use of random number tables or random number generators. (b) Systematic selection involves selecting items using a constant interval between selections, the first interval having a random start. When using systematic selection auditors must ensure that the population is not structured in such a manner that the sampling interval corresponds with a particular pattern in the population. (c) Haphazard selection may be an alternative to random selection provided auditors are satisfied that the sample is representative of the entire population. This method requires care to guard against making a selection which is biased, for example towards items which are easily located, as they may not be representative. It should not be used if auditors are carrying out statistical sampling. (d) Block selection may be used to check whether certain items have particular characteristics. For example an auditor may use a sample of 50 consecutive cheques to test whether cheques are signed by authorised signatories rather than picking 50 single cheques throughout the year. Block sampling may however produce samples that are not representative of the population as a whole, particularly if errors only occurred during a certain part of the period, and hence the errors found cannot be projected onto the rest of the population. (e) Monetary Unit sampling is a type of value-weighted selection in which sample size, selection and evaluation results in monetary amounts. Performing audit procedures Once the sample has been selected, the auditor must perform appropriate audit procedures on each item in the sample. If the audit procedure is not applicable to the selected item, the 87 ASSURANCE test must be performed on a replacement item. This could happen if, for example, a voided check is selected when testing for evidence of authorisation of payment. If the auditor cannot apply the designed audit procedures (e.g. if documentation relating to the item has been lost), or suitable alternative audit procedures, to the selected item, that item must be treated as a deviation from the prescribed control (for tests of controls) or a misstatement (for tests of details). 5.8.2 Deviations and misstatements An anomaly is a misstatement or deviation that is demonstrably not representative of misstatements or deviations in a population. Once the sample has been tested, the auditor must investigate the nature and cause of any deviations or misstatements found and evaluate their possible effect on the purpose of the audit procedure and on other areas of the audit. In rare cases, a deviation or misstatement may be considered an anomaly, in which case the auditor must obtain a high degree of certainty that this is not representative of the population, by carrying out additional audit procedures. 5.8.3 Projection of misstatements For tests of details, the auditor shall project misstatements found in the sample to the population to obtain a broad view of the scale of the misstatement but this may not be enough to determine an amount to be recorded. Misstatements established as anomalies can be excluded when projecting sample errors to the population. However, note that the effect of any uncorrected anomalies still needs to be considered. Projected errors and anomalies are combined together when considering the possible effect of errors on the total class of transactions or account balance. Where the audited entity has corrected specific errors found in the sample, the projected error may be reduced by the amount of these corrections. 5.8.4 Evaluating the results Tolerable misstatement is a monetary amount set by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that the monetary amount set by the auditor is not exceeded by the actual misstatement in the population. Tolerable rate of deviation is a rate of deviation from prescribed internal control procedures set by the auditor in respect of which the auditor seeks to obtain an appropriate level of assurance that the rate of deviation set by the auditor is not exceeded by the actual rate of deviation in the population. ISA 530 requires the auditor to evaluate the results of the sample. For tests of controls, an unexpectedly high deviation rate in the sample may result in an increase in the assessed risk 88 ASSURANCE of material misstatement, unless further audit evidence to substantiate the initial assessment of risk is obtained. For tests of details, an unexpectedly high misstatement amount in the sample may lead the auditor to conclude that a class of transactions or account balance is materially misstated, in the absence of further audit evidence that no misstatement exists. For tests of details, the total of the projected misstatement and anomalous misstatement is the auditor's best estimate of misstatement in the population. If the total exceeds tolerable misstatement, the sample does not provide a reasonable basis for conclusions about the population. The closer the total figure is to tolerable misstatement, the more likely it is that actual misstatement in the population could exceed tolerable misstatement. The auditor must therefore also consider the results of other audit procedures to assist in determining the risk that actual misstatement in the population exceeds tolerable misstatement. The risk may be reduced if additional audit evidence is obtained. The auditor must also evaluate whether the use of sampling has provided a reasonable basis for conclusions about the population from which the sample was drawn. If the conclusion is that sampling has not provided this, the auditor may request management to investigate misstatements that have been identified and make any necessary adjustments, or tailor the nature, timing and extent of further audit procedures to best achieve the assurance required. 5.8.5 Conditions that favour audit sampling 1. Audit sampling will typically be used on populations that are made up of many homogeneous items, when it is more efficient than targeted testing based on coverage (e.g., coverage would require a large number of items to be tested). 2. When, because of the nature of the population, there are insufficient good "targets" to allow use of risk-based targeted testing. 3. When there is a low expected error rate and a clear definition of error (where there is less Sampling Risk) 5.8.6 Limitations on use of audit sampling 1. When we use audit sampling, our primary concern is overstatement. Audit sampling is generally not effective in testing for unrecorded transactions or balances. 2. Audit sampling is not appropriate when a population comprises non-homogeneous items. 5.8.7 Uses of audit sampling Some of the audit areas that the auditor may use statistical sampling are as follows: When performing compliance testing of transactions (test of controls) When doing account balance confirmations and circularisation (debtors) When engaged to investigate fraud, discovery sampling can be used 89 ASSURANCE When doing substantive testing of certain accounts (sales, cost of sale or expenses) 5.8.8 Advantages If well designed it enables the auditor to conclude with a defined level of confidence that the whole population conforms to the sample results within a stated precision limit. It may be possible to use smaller sample sizes and so allow audit efficiency and timesaving. The results of the tests can be expressed in precise mathematical terms. The process of fixing precision and confidence levels requires enables the auditor to consider and clarify his audit objectives. Bias is eliminated and allows the performance of objective audit tests. The sample size is objectively defined, having regard to the degree of risk the auditor is prepared to accept for each test. 5.8.9 Disadvantages Possible bias in sample selection may invalidate the sampling conclusions. Sampling usually needs some corroborative evidence from other tests done on the population. The technique requires the use of some technical parameters which might not be well understood by the users. More time can be spent in working-out the parameters to be used on the test and can lead to audit inefficiency. The technique may be applied blindly on areas where it is not suitable, like in testing for understatements. 5.9 Documentation of audit evidence Audit documentation is also referred to as audit work papers and it is defined as record of audit procedures performed, relevant audit evidence obtained and conclusions reached. 5.9.1 The purpose of documentation Assurance providers should document the work they have done. Documentation enables the reporting partner to ensure all planned work has been completed adequately. Therefore documentation also helps achieve the following It Provide details of work done for future reference Assist in planning and control of future audits Encourage a methodical approach 90 ASSURANCE Documentation is supposed to be prepared on a timely basis and it provides evidence of the auditor's basis for a conclusion about the achievement of the overall objective. This provides evidence that the audit was performed in accordance with relevant standards, laws and regulatory requirements It assists the engagement team to plan and perform the audit. It assists team members responsible for supervision to direct, supervise and review audit work. It enables the team to be accountable for its work and proved adherence to ISA’s in litigious situations. It allows a record of matters of continuing significance to be retained. It enables the auditor to conduct quality control reviews and inspections It enables experienced auditors to conduct external quality control inspections in accordance with applicable regulatory and other requirements Auditors may find it useful to include a summary of significant audit matters arising during the audit and how these have been addressed. This will facilitate effective reviews of the documentation and in assessing the impact of those matters on the assurance report. 5.9.2 Form and content of documentation Working papers should be titled and documented to contain relevant information Work papers may be automated. Working papers should be sufficiently complete and detailed to provide an overall understanding of the audit. However since auditors cannot record everything they consider during the audit. Judgement must be used to document adequately in a manner that allows the work to be reperformed by an independent auditor. This general rule states that: Documentation should be sufficient to provide an experienced auditor, with no previous connection with the audit, with an understanding of the work performed, the results of audit procedures, audit evidence obtained, significant matters arising during the audit and conclusions reached. Therefore the workpapers may be affected by The size and complexity of the entity The nature of the audit procedures to be performed The identified risks of material misstatement The significance of the audit evidence obtained The nature and extent of exceptions identified The need to document a conclusion and its basis or the failure to come up with a proper basis. 91 ASSURANCE The audit methodology and the tools used. An audit file will contain the following workpapers: Information obtained in understanding the entity and its environment, including its internal control, such as the following: Information concerning the legal documents, agreements and minutes Extracts or copies of important legal documents, agreements and minutes Information concerning the industry, economic environment and legislative environment within which the entity operates Extracts from the entity's internal control manual Evidence of the planning process including audit programmes and any changes thereto Evidence of the auditor's consideration of the work of internal audit and conclusions reached Analyses of transactions and balances Analyses of significant ratios and trends Identified and assessed risks of material misstatements A record of the nature, timing, extent and results of audit procedures Evidence that the work performed was supervised and reviewed An indication as to who performed the audit procedures and when they were performed Details of audit procedures applied regarding components whose financial statements are audited by another auditor Copies of communications with other auditors, experts and other third parties Copies of letters or notes concerning audit matters communicated to or discussed with management or those charged with governance, including the terms of the engagement and significant deficiencies in internal control Written representations received from management of the entity Conclusions reached by the auditor concerning significant aspects of the audit, including how exceptions and unusual matters, if any, disclosed by the auditor's procedures were resolved or treated Copies of the financial statements and auditors' reports Notes of discussions about significant matters with management and others In exceptional circumstances, the reasons for departing from a basic principle or essential procedure of an ISA and how the alternative procedure performed achieved the audit objective. 92 ASSURANCE Work papers should also show 5.9.3 The name of the client The reporting or year-end date The file reference of the working paper The name of the preparer The date of preparation The subject of the work paper The name of the reviewer The date of the review The objectives of the work done The source of information An explanation of how the sample was selected The sample size The actual work done A key or legend of any audit tick marks or symbols used. Appropriate cross referencing The results of obtained A summary and related assessment or analysis of the errors noted Other significant observations The conclusions reached A highlight of the key points Standardised working papers Auditors develop various templates for performing various things and this helps them become more efficient and spend less time with performing certain procedures. Examples of standardised working papers include checklists and specimen letters. However though they may improve the efficiency of audit work they also pose a risk that auditors do not thoroughly think through the audit procedure and mechanically a predetermined approach instead of using audit judgement 5.9.4 Automated and electronic working papers Automated working paper packages have been developed which can make the documentation of audit work much easier. Such programs aid preparation of working papers, lead schedules, the trial balance and the financial statements themselves. These are automatically crossreferenced, adjusted and balanced by the computer. The advantages of automated working papers are as follows. The risk of errors is reduced. The working papers will be neater and easier to review. The time saved will be substantial as adjustments can be made easily to all working papers, including those summarising the key analytical information. Standard forms do not have to be carried to audit locations. Audit working papers can be transmitted for review via a modem or fax facilities. Electronic working papers do not involve any automatic calculations or data analytics facilities. These will be separate software that is purposely made for data extraction, 93 ASSURANCE interrogation and analysis. The output of these interrogation applications will be recorded in the auditors normal electronic work papers. The auditors work papers will therefore take the form of a database of audit programs and procedures which can easily be linked or cross referenced within the program and which all together make a complete electronic audit file. The workpapers can be signed off as prepared by the preparer, as reviewed by the various reviewers, including managers and partners etc., and written review notes can be addressed to the preparers for their further action. 5.9.5 Filing of workpapers Firms should have standard referencing and filing procedures for working papers to facilitate their review. For recurring audits, working papers may be split between: 5.9.6 5.9.7 Permanent audit file. This file contains information of continuing importance to the audit such as: (containing information of continuing importance to the audit). These contain: Engagement letters New client questionnaire The memorandum and articles Other legal documents such as prospectuses, leases, sales agreement Details of the history of the client's business Board minutes of continuing relevance Previous years' signed accounts, analytical review and management letters Accounting systems notes, previous years' control questionnaires Current audit file. This file contains information of relevance to the current year’s audit such as….(containing information of relevance to the current year's audit). These should be compiled on a timely basis after the completion of the audit and should contain): Financial statements Accounts checklists Management accounts details Reconciliations of management and financial accounts A summary of unadjusted errors Report to partner including details of significant events and errors Review notes Audit planning memorandum Time budgets and summaries Representation letter Management letter Notes of board minutes Communications with third parties such as experts or other auditors 94 ASSURANCE They also contain working papers covering each audit area. These should include the following: A lead schedule including details of the figures to be included in the accounts Problems encountered and conclusions drawn Audit programmes Risk assessments Sampling plans Analytical review Details of substantive tests and tests of control If it is necessary to modify/add new audit documentation to a file after it has been assembled, the auditor should document: Who made the changes, and when, and by whom they were reviewed The reasons for making changes The effect of changes on the auditors' conclusions If, in exceptional circumstances, changes are made to an audit file after the audit report has been signed, the auditor should document: 5.9.8 The circumstances The audit procedures performed, evidence obtained, conclusions drawn When and by whom changes to audit documents were made and reviewed Safe custody and retention of working papers Judgement may have to be used in deciding the length of holding working papers, and further consideration should be given to the matter before their destruction. The Companies Act requires seven years as a minimum period. Working papers are the property of the auditors. They are not a substitute for, nor part of, the entity's accounting records. Auditors must follow ethical guidance on the confidentiality of audit working papers. They may, at their discretion, release parts of or whole working papers to the entity, as long as disclosure does not undermine ‘the independence or validity of the audit process. Information should not be made available to third parties without the permission of the entity. Ownership and right of access to documentation The following general principles apply Working papers belong to the assurance providers. They are not a substitute for, nor part of, the entity’s accounting records. However; The report once issued belongs to the client Assurance providers must follow ethical guidelines to keep working papers confidential. 95 ASSURANCE They may show working papers to clients at their discretion, so long as the assurance process is not prejudiced They should always obtain client permission before showing working papers to third parties. This would arise when working papers might be shared with an incoming auditor. 5.10 Internal controls The auditor will seek to rely on controls in order to have a more efficient approach that has less substantive or detailed testing. Therefore understanding and evaluating clients’ systems of internal controls is relevant to the auditors planning process. We will therefore discuss the requirements of ISA 315: Understanding the entity and its environment and assessing the risk of material misstatement on internal controls and set out other matters for the auditor’s consideration. 5.10.1 Definition of internal control system Internal control is the process designed to provide reasonable assurance that the achievement of the entity's objectives will be achieved with regard to reliability of financial reporting, effectiveness and efficiency of operations and compliance with applicable laws and regulations. It is also defined as “The whole system of controls, financial and otherwise, established by management in order to carry on the business of the enterprise in an orderly and efficient manner, ensure adherence to management policies, safeguard the assets and ensure/secure as far as possible the completeness of accuracy of the records. 5.10.2 Reasons for Internal Controls The reasons for internal are: Minimising business risks Ensuring continuity of effective management of the company Ensuring the company complies with relevant laws and regulations. 5.10.3 Limitations of internal controls The following are the common limitations of internal control Human error and involvement mean that the controls being implemented are usually only as good as the people implementing and operating them. This gives room for human error and mistakes when implementing and operating controls. Collusion can lead to override or avoidance of controls in order to defraud the company Unusual transactions are usually not planned for when designing internal controls. This means that when such transactions occur the control may not address the risks posed by these non-routine transactions. 96 ASSURANCE 5.10.4 Components of internal control Controls may relate to various aspects and may be financial, operational, of compliance in nature. Understanding internal controls assist the auditor determined which of these controls are relevant for their audit testing and therefore which ones can be used to reduce audit testing. In making this decision the decision looks whether the control has been properly designed to address the risks that affect a specific process objective or not and also Whether the control is effectively being applied. Where controls are not properly designed or are not effective, the auditor places more reliance on detailed substantive testing of transactions and balances. ISA 315 provides the various components of internal control that are considered by the auditor as follows: The control environment The entity's risk assessment process The information system relevant to financial reporting Control activities Monitoring of controls These components are explained below in more detail. 5.10.4.1 The control environment This mainly relates to high level systems that enable the establishment, implementation and ensure compliance to detailed internal control policies and procedures. It therefore includes all functions of governance and management, the culture or attitude towards risk and related controls and the resultant actions of management in response to risks and in their attempt to comply with the set controls. The control environment is therefore mainly determined by senior management and those charged with governance of the entity since these set an example or also “set the tone” in the organisation to which the whole organisation responds and follows. Therefore the example set by senior management is usually called the “tone at the top”. The auditor is required to understand the control environment and whether management have created a culture of honesty and ethical behaviour and whether the control environment serves as a strong foundation for the implementation of detailed internal control policies and procedures. The control environment and related activities is illustrated in the table below. The auditor shall assess whether these elements of the control environment have been implemented using a combination of inquiries of management and observation and inspection. 97 ASSURANCE Communication and Essential elements which influence the effectiveness of enforcement of integrity the design, administration and monitoring of controls and ethical values Commitment to competence Management's consideration of the competence levels for particular jobs and how those levels translate into requisite skills and knowledge. Participation by those charged with governance. Independence from management Experience and stature Extent of involvement and scrutiny of activities Appropriateness of actions and interaction with internal and external auditors Management's philosophy and operating style Approach to taking and managing business risks Attitudes and actions towards financial reporting Attitudes towards information processing and accounting functions and personnel. Organisational structure The framework within which an entity's activities for achieving its objectives are planned, executed, controlled and reviewed Assignment of and Responsibility authority How authority and responsibility for operating activities are assigned and how reporting relationships and authorisation hierarchies are established. Human resource and Practices policies Recruitment, orientation, training, evaluating, counselling, promoting, compensation and remedial actions 5.10.4.2 The Entity's risk assessment process is the process of Identifying business risks relevant to financial reporting objectives Estimating the significance of the risks Assessing the likelihood of their occurrence Deciding upon actions to address those risks The auditor is required by ISA 315 to obtain an understanding of whether the entity has a robust risk assessment process. If the entity has established such a process, the auditor shall obtain an understanding of it. If there is not a process, the auditor shall discuss with management whether relevant business risks have been identified and how they have been addressed. 98 ASSURANCE Audit Committees: are important parts of the control environment. An audit committee is a subcommittee of the board of directors who are ultimately responsible for implementing internal controls, financial reporting and legal compliance. Audit committees usually have terms of reference based on corporate governance codes such as the King III code and the Malawi Code of Corporate Governance. Typical terms of reference include: To review the integrity of the financial statements and formal announcement relating company performance To review internal controls and risk management systems To monitor and review the effectiveness of the company’s internal audit function. To make recommendations to the board regarding external auditors To monitor the independence of the external auditor To implement policy on the provision of non-audit services by the external auditor. 5.10.4.3 The Information system relevant to financial reporting includes the financial reporting system and consists of the procedures and records established to initiate record, process and report entity information. And maintain accountability of all assets and liabilities and equity of the company. The auditor will review the following Classes of transaction that are significant to the entity’s financial statements Procedures of initiating, recorded, processed corrected and reported. Related accounting records and supporting information How she system captures events that are not significant to the financial statements. The process of preparing financial statements. 5.10.4.4 Control activities are detailed policies and procedures that ensure that management’s directives are met. Types of internal controls There are 5 main types or categories of internal controls as given by the standard. Type of control Authorisation Example Approval transactions /documents. Explanation of Transactions and documents should be approved by an appropriate official before execution and processing for accounting purposes. The lines of authority for approval of such transactions and events should be clearly defined and communicated to all staff members to facilitate 99 ASSURANCE compliance. Segregation duties sharing of with the following objectives: of The responsibilities for Ensuring that no one person is responsible for executing different the recording and processing of a complete stages of a transaction transaction. including roles of authorising, recording Reducing the risk of intentional manipulation, and maintaining custody fraud or accidental errors through the of assets. involvement of a chain of control. An example is given of a sales transaction where segregation of duties requires the involvement of the following: The sales representative who initiates the sales order by collecting it from the customer. The Creditor controller who approves the sale to be on credit. The warehouse manager who authorises the stock issue. The security check personnel who checks the authenticity of the transaction before allowing transfer of items. Information processing Controls to check the These controls generally cover General IT accuracy, completeness controls, which are controls in the IT function and authorisation of as a whole, or in general and Application transactions controls which are controls over specific process of focus or interest. Physical controls physical assets security of These have a bearing on the physical custody of assets, and involve procedures designed to limit access to the assets to only authorised personnel. These are sometimes referred to as Access Controls. Physical security is restricting access to authorised personnel. Electronic access This is implemented by using passwords over controls to computer computer programs and data files to ensure programs and that only authorised personnel have access. application and data files. Periodic counting and This can be done through inventory counts comparisons with and also petty cash count. information in accounting records. 100 ASSURANCE Performance reviews Business reviews performance This is a high level review of the business through review of budgets and actual performance Supervision All work done by the members of staff should be supervised and checked by a responsible officer who ranks higher on the company’s and section hierarchy. The responsibility for supervision should be clearly defined and communicated to the person being supervised to facilitate understanding and acceptance. Mathematical checks These are controls in the recording function which check that the transactions have been authorised, are complete, have been correctly recorded and accurately processed. The procedures include the following: o Verification of arithmetical accuracy of record. o The maintenance and checking of totals. o The performance and checking of account reconciliations and analyses. o The maintenance of control accounts. o Sequence (continuity) checks of documentation. o Acknowledgement of performance (signatures, initials, rubber stamps, access passwords). 5.10.5 Information processing controls Information processing (IP)/information Technology (IT) controls generally relate to controls in a computer environment, these controls can be fully automated or manual. 5.10.5.1 Risks and Control objectives of information processing controls The objective of information processing (IP) controls is to ensure the effectiveness of the computer system environment which includes the following: To ensure that controls within the computer system environment that support reliable and continuous processing by computerized accounting systems; and To ensure that changes that has taken place in computer systems and hardware platforms during the period under have been done in line with policies and procedures and, 101 ASSURANCE 5.10.5.2 The following are risks that affect IT systems. General system access risk. This is the risk that unauthorised persons (employees or outsiders) may gain access to data files or application programs used to process transactions, enabling them to make unauthorised changes to the system; Information systems continuity risk, which is the risk that the organisation has not made suitable arrangements to ensure the continuity of its processing systems and operations; Organisational structure and operational procedure risk, which is the risk that the structure of the information systems department may not facilitate an adequate segregation of functions. Related to this is the lack of or the poor implementation of systems operations procedures by staff; and, Environmental information and related risk, which is the risk that the information technology organisation structure and operating procedures may not result in a data processing environment that is conducive to the preparation of reliable financial and management information. Related to this is the control of the physical conditions in which the information systems operate. 5.10.5.3 Types of information processing controls Information Processing Controls are generally categorised as being either general controls or application controls. General controls are controls in the form of policies and procedures that create a control environment in the information technology of the organisation. General information technology controls sets the tone of the organisation and influences the level of compliance and control consciousness of the organisation with regards to IT controls. The stronger the general controls and control environment the stronger the level of compliance to policies and procedures and internal controls implemented by management. General controls are therefore cross cutting and affect all the information system applications used by the entity and ensure that they are properly operating. 5.10.5.4 Application controls As opposed to general policies and procedures that are not specific to any IT Systems, application controls apply to specific IT systems. These controls will therefore be used in the actual processing of financial information and can be both manual and automated in nature. The purpose of application controls over accounting applications is to provide assurance that all transactions are authorised and recorded, and are processed completely and accurately and on a timely basis. Indicated below are examples of both general and application controls General IT Controls Area Development of computer programs and Control(s) Standards should exist over system design, programming and documentation 102 ASSURANCE applications Changes to programs Testing documentation changes and of There should be full testing procedures using test data in a test and not a live working environment There should be adequate approval by both users and management There should be segregation of duties so that those responsible for design are not also responsible for testing. There should be standard Installation procedures so that data is not accidentally destroyed or corrupted in transition. There should be adequate training of staff in the use of developed applications. Training documentation should be available to users There should be adequate segregation of duties over change procedure All changes made should be fully documented and records should be adequately maintained. There should be strong password protection so that access to programs and applications is restricted to the right people. There should be physical restricted access to the computer room housing servers, and central databases. Access can be restricted by locked doors and keypads There should be proper maintenance of program logs Viruses should be checked and cleaned through used of antivirus software and restriction of unauthorised software on the organisations computer equipment. Adequate backups should be made of all applications and data and should be stored offsite in multiple secure locations Some controls should only be accessed as read only programs and databases with very limited access to few individuals to make approved changes. There should be adequate/thorough testing procedures There should be standard documentation protocols, computer languages and methods that should be used by everyone making changes to allow future users/reviewers understand the changes that have been made. There should be adequate approval of changes by both computer users and management There should be adequate training and documentation for staff to enable them understand the changes made and 103 ASSURANCE know how to use the changed programs and application. Controls to prevent wrong programs or files from being used. Controls over (unauthorised) amendments to data files Controls over continuity of operations There should be standard operating procedures over programs There should be proper operational planning or scheduling of jobs and related programs to allow effective operation of current programs and proper flow of tasks in the IT environment. There should be a proper library, list or database of programs that are currently being used by client with a proper description of the purpose and use of each program These include passwords and other built in controls. Storing extra copies of programs and data files off-site Protection of computer equipment against the elements of fire, water and other hazards Having adequate power back up sources Having adequate emergency procedures for various disasters or unexpected events. Having adequate disaster recovery procedures Having maintenance agreements and adequate insurance over equipment and other potential business losses. Examples of application Controls Area and/ assertion Control(s) (Manual- M or Automated –A or Both –B) Controls over input Agreement of controls total (M/A) (Completeness) Document counts One for one checking of processed output to source documents Procedures over resubmission of rejected data Controls over (Accuracy) input Programs to check data fields such as values, reference numbers, dates or reasonability of input transactions: 104 ASSURANCE o o o o o o Verification of digit numbers such as ensuring that the reference numbers are expected or make sense. Reasonableness tests such as testing VAT as a percentage of total values Existence checks that customer names or other data actually exists Character checks to ensure that no unexpected characters exist in certain data fields or references Availability of necessary information to ensure that no transaction is passed with missing information Checks to ensure that transactions are processed within a permitted range. Manual checking of output and reconciling to source documents if differences exist. Agreement of control totals on information before and after processing it. Controls over (authorisation) input Manual checks to ensure information that is input was Authorised and Input by the right/authorised personnel Controls processing (completeness) Controls files over over Similar controls over input must be implemented such as batch reconciliations Screen warnings to prevent people from logging out or accidentally suspending the application before process is complete. master One to one checking of master files to source documents such as payroll to master files to personal employee files Cyclical reviews of all master files and standing data Record counts (i.e. number of documents processes) and has totals (e.g. the total of all employee codes) to ensure that there have not been any unauthorised, changes or deletions) Adequate controls over the deletion of accounts that have not balances or transactions 105 ASSURANCE 5.10.5.5 Testing of Information processing controlss Testing of IP controls may be performed by the following tests. Manual controls may be tested if they are capable of producing assurance that the systems output are complete, accurate and authorised. Auditors may test these manual controls Output controls are controls that ensure that information produced by IT systems are valid and authorised, and are complete and accurate. The auditor may wish to test the output of the system by using either manual or computer assisted audit techniques (CAATs). Programmed control procedures can be tested when the auditor assesses that it is not possible or practical to test the system manually or to test its output. These programmed or embedded IT procedures may need to be tested only by using CAATs. As discussed earlier general IT controls may have a pervasive effect on information processing over all applications so that errors may go undetected and uncorrected in the IT systems. However although general IT controls can be weak, there could be compensating manual controls that still ensure that information processing objectives are met over IT applications (at the application/program level). This will occur where there are adequate manual controls outside the IT system to ensure the authorisation, completeness and accuracy of financial information as it is being processed. 5.11 Recording accounting and internal control systems There three ways of recording internal controls namely” Narrative notes Questionnaires and checklist Flowcharts 5.11.1 Narrative notes Narrative notes help to describe and explain the system, as well as making any comments or criticisms which will help to demonstrate an intelligent understanding of the system. They are good for short notes on simple processing and background information they are less helpful when systems become more complex and that is when diagrams tend to be more useful. Advantages of narrative notes include Relatively simple to use and easy to understand by all team members Notes are flexible in use and can be applied to almost any system Future edits due to system updates is relatively easy. Disadvantages of narrative notes include Using of notes can be more time consuming than charts or diagrams If written manually they may easily be lost and are difficult to update manually. 106 ASSURANCE They may not identify missing controls because they may not easily identify control weaknesses or problems in a timely, easy or timely manner. 5.11.2 Flowcharts Flowcharts are pictorial representations of how information flows within a system. They show the sequential order of key stages or process and what each stage uses as inputs and produces as outputs of each process in the system. Advantages of flowcharts include Ease of preparation once the auditor gains some experience in their preparation They are fairly easy to review and follow because they are in pictorial view. Unlike narrative notes, they ensure that the system is documented in its entirety without omissions. This is because all systems have been documented from beginning to end with any gaps being easily identifiable. Disadvantages of flowcharts include They are more suited to standard systems while unusual transactions usually have to be described with narrative notes They can be time consuming to prepare and difficult to understand for some readers Major updates to the system often require redrawing the whole diagram 5.11.3 Questionnaires and checklists Questionnaires are categorised into “internal control” and “internal control evaluation” questionnaires. Internal control questionnaires are used to check if a specific controls exists, while internal control evaluation questionnaires are used to evaluate whether the controls are effective and if they prevent or detect individual risks, errors and omissions. ICQ’s usually comprise of a list of questions which help identify whether certain controls exist. ICEQ’S usually have questions which focus on significant errors or omissions that could occur at different stages of the process if controls are weak and not effective, Advantages of ICQ’s and ICEQ notes include if properly drafted they can cover all key controls They are simple and quick to prepare They are seen to be easier to use and control IEEQ’s help the auditor to easily identify key controls that can be a focus of audit testing. ICEQ’s can easily identify weaknesses in internal controls that help the auditor plan for more detailed testing. 107 ASSURANCE Disadvantages include They can be unspecific and quite vaguely leasing to poor understanding and even omission of controls. They may focus on wrong controls which are also not very critical to internal controls. Controls may be overstated by clients in their responses. 5.12 Testing internal control systems In this section we will look at how controls can be tested in practice. We will examine each major component of a typical accounting system. We have already stated that the auditors must establish what the accounting system and the system of internal control consist of. The auditors will then decide which controls, if any, they wish to rely on and plan tests of controls to obtain the audit evidence as to whether such reliance can be warranted. For each of the major transaction systems we will look at the system objectives the auditors will bear in mind while assessing the internal controls and give examples of common controls. We shall then go on to look at a ‘standard’ program for testing controls. 1 Revenue The key risks of this cycle include accepting bad customers who may not pay their debts and failure to meet customer demand due to failure to fulfil received orders. The main controls are authorising customer credit terms and ensuring that all orders are matched with production orders. In summary the controls over revenue are centred on ordering by customers, despatch and invoicing, recording/accounting and finally cash collections. 5.13 Revenue: Ordering Risks and Control objectives over ordering Risks Risks over ordering include Orders may be given by customers who are not able to pay Orders may be given by customers who are not able to pay in time Orders may not be recorded properly leading to failure to track and fulfil orders and to a loss of clients Control objectives Controls that will mitigate these risks include 108 ASSURANCE Goods and services are only supplied to customers with good credit ratings Customers are followed up by the credit departments to pay promptly Orders are accurately recorded Orders are filled. 5.13.1 Standard controls and test of controls over sales and ordering 6 Controls will be implemented to address and mitigate the risks identified including the following: Controls Sales invoices and matching documents required for all entries and the date and reference of the entry are written on each document. Test of controls Review supporting documents for a sample of sales entries to ensure they contain the written details that indicate they were referred to when entered. All shipping documentation is forwarded to the invoicing section on a daily basis. Daily invoicing of goods shipped. Chart of accounts (COA) in place and is regularly reviewed for appropriateness and updated where necessary. Codes in place for different types of products or services Segregation of duties over the following functions o Credit control o Invoicing o Despatch of inventory Authorisation of credit terms to customers through use of o Customer references from independent credit data sources or from other suppliers in the market o Authorisation by senior staff o Regular review of credit limits Authorisation of changes in customer information o Changes in address should be supported by customers’ company letterhead o Requests for deletion should be supported by balances that are fully 109 ASSURANCE Compare dates on sales invoices with dates of corresponding shipping documentation. Compare dates on sales invoices with dates recorded in the sales ledger Inspect any documentary evidence of review (such as emails requesting update to COA as a result of review). Test application controls for proper codes. Observe and evaluate whether proper segregation of duties is operating. Check that references are being obtained Check that all new accounts on the receivables ledger have been authorised by senior staff. Examine application controls for authorisation. paid off 7 8 9 Orders should only be accepted from customers with proper credit paying history Orders not accepted unless credit limits reviewed first. Authorisation by senior staff required for changes in other customer data such as address etc. 10 Review entity's procedures for granting credit to customers Examine a sample of sales orders for evidence of proper credit approval by the appropriate senior staff member. Review all new customer files to ensure satisfactory credit references have been obtained. 11 12 13 Sequential numbering of blank and preprinting of order forms Checking of sequence for completeness of invoices Use of correct prices Sales are only recorded if there is an approved sales order form and shipping/despatch documentation Matching of customer orders with production orders and despatch notes and querying of orders not matched Sales invoices are reconciled to the daily sales report An open-order file is maintained and reviewed regularly Monthly customer statements sent out and customer queries and complaints handled independently to ensure that customer queries are resolved in a timely fashion 110 ASSURANCE Review and test entity's procedures for accounting for numerical sequences of invoices Verify that price lists and terms of trade are properly documented, authorised and communicated. Examine application controls for authorised prices and terms. . For a sample of sales invoices ensure there is a related sales order form that has been authorised and shipping documentation. Review a sample of reconciliations performed. Inspect the open-order file for unfilled orders. Review entity's procedures for sending out monthly statements and dealing with customer queries and complaints. 1.2 Revenue: despatch 1.2.1 Risks and Control objectives over despatch Risks Risks over despatch include 1.2.2 Control objectives Controls that will mitigate these risks include Goods may be despatched but not recorded Goods may be despatched to customers but may not be invoiced There could be invoice errors Invoices may be wrongly cancelled resulting in dissatisfaction. All despatches of goods should be fully recorded All goods and services are currently invoices All invoices relate to actual goods or services Credit notes are fully authorised and for the right reasons. Standard controls and test of controls over despatch Controls will be implemented to address and mitigate the risks identified including the following: Controls over despatch Authorisation of despatch of goods o despatch only on sales order o despatch goods only to authorised customers o Special authorisation of despatches of goods that are free of charge or on special terms. Test of controls Verify non routine sales (scrap, noncurrent assets, discounts etc.) with o Appropriate supporting evidence o Approval by authorised officials o Entries in relevant asset registers Check that despatches of goods free of charge or on special terms have been properly authorised. 111 ASSURANCE Examination of goods outwards as to quantity, quality and condition Recording all goods released on a despatch note Verify details of trade sales with entries in inventory records. Agreeing all despatch notes to customer orders and invoices Prenumbering of despatch notes and regular sequence checks Checking condition of goods returned Recording goods returned on goods returned notes Signature of despatch notes by customers Verify credit notes with o Correspondence or other supporting evidence o Approval by appropriate officials o Entries in the inventory section o Calculations and additions of entries in sales day book, and checking for correct analysis o Checking postings to receivables. Preparing invoices and credit notes properly o Authorisation of selling prices o Authorisation of credit notes o Checks on prices, quantities, extensions and total s and credit notes. o Sequential numbering of Testing numerical sequence of despatch notes Test numerical sequence of invoices and credit notes, inquire about missing terms and inspect copied of cancelled documents. Test numerical sequence of order forms and enquire into missing Verify details of trade sales or goods despatch notes with sales invoices while checking: o Quantities o Prices charged to official price lists o Proper treatment of trade discounts o Calculations and additions o Entries in sales day book are correctly analysed o VAT has been properly treated o Postings are properly made to the receivables ledger 112 ASSURANCE blank invoices, credit notes and regular sequence check. numbers Inventory records updated Matching sales invoices with despatch notes and sales orders. 1.3 Revenue: Recording 1.3.1 Risks and Control objectives over recording Risks Risks over selling recording Invoiced sales might not be properly recorded Credit notes might not be properly recorded Sales might be recorded in the wrong customer accounts Debts might be included in the receivable ledger when they are not actually receivable/collectible Control objectives Controls that will mitigate these risks include 1.3.2 All recorded sales should be invoiced in the ledger All credit notes issued should be recorded in the I nominal and receivables ledgers All entries in the receivables ledger are made to the correct accounts. Potential bad debts are identified. Standard controls and test of controls over recording Controls will be implemented to address and mitigate the risks identified including the following: Controls over Recording Segregation of duties on: o recording sales, o maintaining customer accounts; and o preparing customer statements Test of controls Confirm that roles over invoice recording are segregated Matching of cash receipts with invoices Sales Day book tests Check entries with invoices and credit notes respectively Check additions and cross casts 113 ASSURANCE Separate recording of sales returns, price adjustments etc. Cut off procedures to ensure goods despatched and not invoiced (or vice versa)are properly dealt with in the correct period Regular preparation , checking and safeguarding of trade receivables statements Review and follow up of overdue accounts Authorisation to write of bad debts Reconciliation of receivables ledger control account Analytical review for receivables ledger and profit margin 114 ASSURANCE Check postings to receivables ledger Receivables ledger Check entries in a sample of accounts to the sales day book Check additions and balances carried down Note and enquire into contra entries Check that control accounts are regularly reconciled to the total of the receivables ledger balances Scrutinise accounts to see if credit limits have been observed Check that overdue accounts have been followed Check that trade receivables statements are prepared and sent out regularly Check that overdue accounts have been adequately followed up. Check that all bad debts written off have been authorised by management CHAPTER 6: FINANCIAL STATEMENTS: SUBSTANTIVE PROCEDURES IN THE AUDIT OF KEY FINANCIAL STATEMENT FIGURES Topic List 1. 2. 3. 4. 5. 6. 7. 8. Introduction; Non-current Assets; Inventory; Receivables (and Sales); Bank; Payables; Long term Liabilities; and Income Statement items. Learning Outcomes By the end of this chapter students should be able to: understand the nature of tests on balances carried out by assurance provides and the objectives of those tests; identify suitable tests in a given business scenario; and understand when a matter should be referred to a senior member of staff. 115 ASSURANCE 116 ASSURANCE 6.1 Introduction This chapter covers the audit of non-current assets, a key area of the statement of financial position. It highlights the key objectives for each major component of non-current assets. Students must understand what objectives the various audit tests are designed to achieve in relation to the financial statement assertions. Objectives of particular significance for tangible non-current assets are rights and obligations (ownership), existence and valuation. Valuation is an important assertion. The auditors will concentrate on testing any external valuations made during the year, and also whether other values appear reasonable given asset usage and condition. An important aspect of testing valuation is reviewing depreciation rates. Using the work of an expert, may well be important in the audit of noncurrent assets in respect of valuation. 6.2 Non-Current Assets 6.2.1 Tangible non-current assets Tangible non-current assets include land, buildings, plant, vehicles, furniture and equipment Key areas when testing tangible non-current assets are: Confirmation of ownership Inspection of non-current assets Valuation by third parties Adequacy of depreciation rates Based on the above objectives the key risks are due to: The company not actually owning the assets The assets not existing or having been sold Omission of assets owned by the company Assets being o overvalued by charging insufficient depreciation, inflating costs or valuations or o undervalued by charging too much depreciation Assets being wrongly presented or classified in the financial statements Audit objectives and assertions The following are audit objectives for tangible noncurrent assets and the related assertions that are made by management in the financial statements 117 ASSURANCE Financial statement Audit objective assertion Existence and occurrence Additions represent assets acquired in the year and disposal represent assets sold or scrapped in the year Recorded assets represent those in use at the yearend Completeness Completeness Rights and obligations All additions and disposals that occurred in the year have been recorded Balances represent assets in use at the year-end The entity has rights to the assets purchased and those recorded at the year-end Accuracy, classification and valuation Non-current assets are correctly stated at cost less accumulated depreciation Additions and disposals are correctly recorded Presentation disclosure Disclosures relating to cost, additions and disposals, depreciation policies, useful lives and assets held under finance leases are adequate and in accordance with accounting standards and Internal control considerations for tangible noncurrent assets Key controls include The asset register which provides evidence that assets are completely recorded. This is achieved by comparing the ledger, the register and the physical assets. Procedures over acquisitions and disposals that ensure that o acquisitions are authorised o Disposals are authorised o Proceeds are properly accounted to show a gain or a loss on disposal Physical security over assets is maintained Non-current assets are well maintained and are kept in a good working condition Depreciation is reviewed every year All income is collected and accounted for from all assets that generate income Audit procedures for tangible noncurrent assets All audit procedures are related to and verify management assertions in the financial statements. Assertions and related audit procedures for non-current assets affect both the financial position and the operating performance of an entity. These procedures are summarised below 118 ASSURANCE Assertion Audit procedure Asserts are completely Obtain or prepare a summary of tangible non-current assets showing how: recorded o Gross book value o Accumulated depreciation o Net book value Reconcile with the opening position. Compare non-current assets in the general ledger with the non-current assets register and obtain explanations for differences. For a sample of assets which physically exist agree that they are recorded in the non-current asset register. If a non-current asset register is not kept, obtain a schedule showing the original costs and present depreciated value of major non-current assets. Reconcile the schedule of non-current assets with the general ledger. All reported assets exist Assets valued are properly Confirm that the company physically inspects all items in the non-current asset register each year. Inspect assets, concentrating on high value items and additions in-year. Confirm that items inspected: o Exist o Are in use o Are in good condition o Have correct serial numbers Review records of income-yielding assets. Reconcile opening and closing vehicles by numbers as well as amounts. Verify valuation to valuation certificate. Consider reasonableness of valuation, reviewing: o Experience of valuer o Scope of work o Methods and assumptions used o Valuation bases are in line with accounting standards Reperform calculation of revaluation surplus. Confirm whether valuations of all assets that have been revalued have been updated regularly (full valuation every five years and an interim valuation in year three generally) by asking the Finance Director and inspecting the previous financial statements. Inspect draft accounts to check that client has recognised in the statement of profit or loss revaluation losses unless there 119 ASSURANCE Depreciation The company has adequate legal rights and obligations to the asset is a credit balance in respect of that asset in equity, in which case it should be debited to equity to cancel the credit. All revaluation gains should be credited to equity. Review insurance policies in force for all categories of tangible non-current assets and consider the adequacy of their insured values and check expiry dates. Review depreciation rates applied in relation to: o Asset lives o Residual values o Replacement policy o Past experience of gains and losses on disposal o Consistency with prior years and accounting policy o Possible obsolescence Review non-current assets register to ensure that depreciation has been charged on all assets with a limited useful life. For revalued assets, ensure that the charge for depreciation is based on the revalued amount by recalculating it for a sample of revalued assets. Reperform calculation of depreciation rates to ensure it is correct. Compare ratios of depreciation to non-current assets (by category) with: o Previous years o Depreciation policy rates Scrutinise draft accounts to ensure that depreciation policies and rates are disclosed in the accounts. Verify title to land and buildings by inspection of: o Title deeds o Land registry certificates o Leases Obtain a certificate from solicitors/bankers: o Stating purpose for which the deeds are being held (custody only) o Stating deeds are free from mortgage or lien Inspect registration documents for vehicles held, confirming that they are in client's name. Confirm all vehicles are used for the client's business. Examine documents of title for other assets (including purchase invoices, architects' certificates, contracts, hire purchase or lease agreements). Review for evidence of charges in statutory books and by 120 ASSURANCE Additions of assets company search Review leases of leasehold properties to ensure that company has fulfilled covenants therein. Examine invoices received after year-end, orders and minutes for evidence of capital commitments Self-constructed assets These tests are to confirm rights and obligations, valuation and completeness. Verify additions by inspection of architects' certificates, solicitors' completion statements, suppliers' invoices etc. Review capitalisation of expenditure by examining for non-current assets additions and items in relevant expense categories (repairs, motor expenses, sundry expenses) to ensure that: o Capital/revenue distinction is correctly drawn o Capitalisation is in line with consistently applied company policy Inspect non-current asset accounts for a sample of purchases to ensure they have been properly allocated. Ensure that appropriate claims have been made for grants, and grants received and receivable have been received, by inspecting claims documentations and bank statements. Verify that additions have been recorded by scrutinising the non-current asset register and general ledger. These tests are to confirm valuation and completeness. Verify material and labour costs and overheads to invoices, wage records etc. Ensure expenditure has been analysed correctly and properly charged to capital. Expenditure should be capitalised if it: o Enhances the economic benefits of the asset in excess of its previously assessed standard of performance o Replaces or restores a component of the asset that has been treated separately for depreciation purposes, and depreciated over its useful economic life o Relates to a major inspection or overhaul that restores the economic benefits of the asset that have been consumed by the entity, and have already been reflected in depreciation Review costs to ensure that no profit element has been included. Review accounts to ensure that finance costs have been capitalised or not capitalised on a consistent basis, and 121 ASSURANCE costs capitalised in period do not exceed total finance costs for period. These tests are to confirm rights and obligations, completeness, occurrence and accuracy. Verify disposals with supporting documentation, checking transfer of title, sales price and dates of completion and payment. Recalculate profit or loss on disposal. Consider whether proceeds are reasonable. If the asset was used as security, ensure release from security has been correctly made. Disposals Classification and Understandability 6.2.2 Review non-current asset disclosures in the financial statements to ensure they meet IAS 16 criteria. For a sample of fully depreciated assets, inspect the register to ensure no further depreciation is charged. Intangible non-current assets Examples of intangible assets include licences, development costs and purchased brands. The major risks of intangible non-current assets are due to: Expenses wrongly being capitalised as non-current assets Assets being carried at wrong values due to o Inflated costs or valuations o Wrong amortisation rates or not being amortised at all o Impairment reviews not being performed properly The table below presents audit procedures that address specific audit assertions made by directors in the financial statements: Asset type Audit procedure Goodwill Research and development costs Agree the consideration to sales agreement by inspection. Consider whether asset valuation is reasonable. Agree that the calculation is correct by recalculation. Review the impairment review and discuss with management. Ensure valuation of goodwill is reasonable/there has been no impairment Adjusted through discussion with management. Confirm that capitalised development costs conform to IAS 38 criteria by inspecting details of projects and discussions with technical managers. Confirm feasibility and viability by inspection of budgets. Recalculate amortisation calculation, to ensure it commences with production/is reasonable. 122 ASSURANCE Other intangibles Inspect invoices to verify expenditure incurred on R&D projects. Agree purchased intangibles to purchase documentation agreement by inspection. Inspect specialist valuation of intangibles and ensure it is reasonable. Review amortisation calculations and ensure they are correct by recalculation. 6.2.3 Inventory The risks of misstatement over inventory are Inventory does not exist Not all inventory has been included in the financial statements Inventory may be overvalued when it is obsolete or damaged Inventory may be reported at wrong values due to miscalculation of cost or due to lower net realisable values Inventory belonging to third parties may not be included in the financial statement Inventory that is sold is not still included in the financial statements The table below presents audit objectives that address specific audit assertions made by directors in the financial statements: Assertion Existence occurrence Completeness Rights obligations Accuracy, classification and Valuation Audit objective and All purchases and sales are recorded. All inventories at year-end is included on the statement of financial position. and The entity has rights to inventory recorded in the period and at the year-end. Costs are accurately determined in accordance with accounting standards. Inventory is recorded at year-end at the lower of cost and net realisable value. Cut off Presentation disclosure Recorded purchases and sales represent inventories bought and sold. Inventory on the statement of financial position physically exists Accuracy, classification and valuation and Inventory is properly classified in the accounts. Disclosures relating to classification and valuation are adequate and in accordance with accounting standards. 123 ASSURANCE 6.2.3.1 Internal Controls over inventory Major controls over inventory include Inventory count system Proper valuation of inventory at cost or net realisable value (NRV) in accordance with IAS 2 inventory The table below presents audit procedures that address specific audit assertions made by directors in the financial statements: Assertion Audit procedure Completeness Existence Rights obligations and Valuation allocation and Complete the disclosure checklist to ensure that all the disclosures relevant to inventory have been made. Trace test counts to the detailed inventory listing. Where inventory is held in third party locations, physically inspect this inventory or review confirmations received from the third party and match to the general ledger. Compare the gross profit % to the previous year or industry data. Observe the physical inventory count (see Section 4 for details of attendance at the inventory count). Verify that any inventory held for third parties is not included in the year-end inventory figure by being appropriately segregated during the inventory count. For any 'bill-and-hold' inventory (i.e. where the inventory has been sold but is being held by the entity until the customer requires it), identify such inventory and ensure that it is segregated during the inventory count so that it is not included in the year-end inventory figure. Confirm that any inventory held at third party locations is included in the yearend inventory figure by reviewing the inventory listing. Obtain a copy of the inventory listing and agree the totals to the general ledger. Cast the inventory listing to ensure it is mathematically correct. Vouch a sample of inventory items to suppliers' invoices to ensure it is correctly valued. Where standard costing is used, test a sample of inventory to ensure it is correctly valued. For materials, agree the valuation of raw materials to invoices and price lists. Confirm that an appropriate basis of valuation (e.g. FIFO) is being used by discussing with management. For labour costs, agree costs to wage records. Review standard labour costs in the light of actual costs and 124 ASSURANCE production. Reconcile labour hours to time summaries. Make inquiries of management to ascertain any slow-moving or obsolete inventory that should be written down. Examine prices at which finished goods have been sold after the year-end to ascertain whether any finished goods need to be written down. If significant levels of finished goods remain unsold for an unusual period of time, discuss with management and consider the need to make allowance. Compare the gross profit % to the previous year or industry data. Compare raw material, finished goods and total inventory turnover to the previous year and industry averages. Compare inventory days to the previous year and industry average. Compare the current year standard costs to the previous year after considering current conditions. Compare actual manufacturing overhead costs with budgeted or standard manufacturing overhead costs. Cut-off Note the numbers of the last GDNs and GRNs before the year-end and the first GDNs and GRNs after the year-end and check that these have been included in the correct financial year. Accuracy Obtain a copy of the inventory listing and cast it, and test the mathematical extensions of quantity multiplied by price. Trace test counts back to the inventory listing. If the entity has adjusted the general ledger to agree with the physical inventory count amounts, agree the two amounts. Where a continuous (perpetual) inventory system is maintained, agree the total on the inventory listing to the continuous inventory records, using CAATs. Occurrence and rights and obligations Inquire of management and review any loan agreements and board minutes for evidence that inventory has been pledged or assigned. Inquire of management about warranty obligation issues. Classification and understandability Review the inventory listing to ensure that inventory has been properly classified between raw materials, work-in-progress and finished goods. Read the notes to the accounts relating to inventory to ensure they are understandable. Accuracy and valuation Review the financial statements to confirm whether the cost method used to value inventory is accurately disclosed. Read the notes to the accounts to ensure that the information is accurate and properly presented at the appropriate amounts. 125 ASSURANCE Other inventory procedures include the inventory count and valuation of inventory 6.2.3.2 Inventory count Physical inventory count procedures are vital as they provide evidence which cannot be obtained elsewhere or at any other time about the quantities and conditions of inventories and work-in-progress. The requirements of ISA 501 Audit evidence – specific considerations for selected items are that where inventory is material, auditors shall obtain sufficient appropriate audit evidence regarding its existence and condition by attending the physical inventory count by the following: Evaluate management's instructions and procedures for recording and controlling the result of the physical inventory count Observe the performance of the count procedures Inspect the inventory Perform test counts The inventory Count Planning for an inventory count The following are preparations for an inventory count Gain knowledge of the client Review previous year's arrangements. Discuss with management the inventory count arrangements and significant changes Assess key Factors The nature and volume of the inventory Risks relating to inventory Identification of high value items Method of accounting for inventory Location of inventory and how it affects inventory control and recording Internal control and accounting systems to identify potential areas of difficulty Plan counting procedures Ensure a representative selection of locations, inventory and procedures are covered Ensure sufficient attention is given to high value items Arrange to obtain from any third parties' confirmation of inventory they hold Consider the need for expert help Organisation of the count Review count procedures – Organisation of count Supervision by senior staff including senior staff not normally involved with inventory 126 ASSURANCE Tidying and marking inventory to help counting Restriction and control of the production process and inventory movements during the count Identification of damaged, obsolete, slow-moving, third party and returnable inventory Counting process Systematic counting to ensure all inventory is counted Teams of two counters, with one counting and the other checking or two independent counts Recording Serial numbering, control and return of all inventory sheets Inventory sheets being completed in ink and signed Information to be recorded on the count records (location and identity, count units, quantity counted, conditions of items, stage reached in production process) Recording of quantity, conditions and stage of production of work-in-progress Recording of last numbers of goods inwards and outwards records and of internal transfer records Reconciliation with inventory records and investigation and correction of any differences Inventory count Types of inventory count (a) Physical inventory counts at the year-end From the viewpoint of the auditor this is often the best method. (b) Physical inventory counts before or after the year-end This will provide audit evidence of varying reliability depending on: (i) The length of time between the physical inventory count and the year-end (the greater the time period, the less the value of audit evidence) (ii) The business's system of internal controls (iii) The quality of records of inventory movements in the period between the physical inventory count and the year-end (b) Perpetual (or continuous) inventory where management has a programme of inventorycounting throughout the year. Where a perpetual count is performed auditor should verify that management 127 ASSURANCE a. b. c. d. Ensures inventory is counted at least once a year. Maintains adequate inventory records that are kept up to date Has proper procedures for inventory counts and test counts Investigates and resolve all material differences uncovered in the count The following are procedures for planning a perpetual count Attend one of the inventory counts (to observe and confirm that instructions are being adhered to). Follow up the inventory counts attended to compare quantities counted by the auditors with the inventory records, obtaining and verifying explanations for any differences, and checking that the client Has reconciled count records with book inventory records. Review the year's inventory counts to confirm the extent of counting, the treatment of discrepancies and the overall accuracy of records (if matters are not satisfactory, auditors will only be able to gain Sufficient assurance by a full count at the year-end). Performing the count Observe whether the client's staff are following instructions as this will help to ensure the count is complete and accurate. Perform test counts to ensure procedures and internal controls are working properly, and to gain evidence over existence and completeness of inventory. Ensure that the procedures for identifying damaged, obsolete and slow-moving inventory operate properly; the auditors should obtain information about the inventory's condition, age, usage and in the case of work-in-progress, its stage of completion to ensure that it is later valued appropriately. Con firm that inventory held on behalf of third parties is separately identified and accounted for so that inventory is not overstated. Conclude whether the count has been properly carried out and is sufficiently reliable as a basis for determining the existence of inventories. Consider whether any amendment is necessary to subsequent audit procedures. Gain an overall impression of the levels and values of inventories held so that the auditors may, in due course, judge whether the figure for inventory appearing in the financial statements is reasonable. Inventory held by third parties Sometimes an organisation will have stocks with third parties; this can be in cases where warehousing services are provided by other suppliers for holding stock while in transit to the company or to a customer if a sale transaction has not been concluded. The following procedures should be performed in this case 128 ASSURANCE Send a direct confirmation with the third party to get comfort on quantities and condition of stock Perform a physical inspection Arrange another auditor to o attend the count o Give a report on internal controls of the third party regarding their inventory process (controls over safeguarding and counting etc.) Inspect documentation regarding third party inventory When third party has pledged the inventory as collateral to other parties, obtain a confirmation regarding the quantity and condition of the inventory Attendance at a count Cut off Auditors should test cut off to ensure that inventory has been allocated to the correct period Cut off is important at the following stages of the inventory cycle: The point of purchase and receipt of goods and services The requisitioning of raw materials for production The transfer of completed work-in-progress to finished goods The sale and dispatch of finished goods Audit procedures include the following test cut-off by noting the serial numbers of GDNs and GRNs received and dispatched just before and after the year-end Purchase invoices should be recorded as liabilities only if the goods were received prior to the count. A schedule of 'goods received not invoiced' should be prepared, and items on the list should be accrued for in the accounts. Sales cut-off is generally more straightforward to achieve correctly than purchases cutoff. Invoices for goods dispatched after the count should not appear in the income statement for the period. Prior to the physical inventory count, management should make arrangements for cut-off to be properly applied. o Appropriate systems of recording of receipts and dispatches of goods are in place, and also a system for documenting materials requisitions. Goods received notes (GRNs) and goods dispatched notes (GDNs) should be sequentially prenumbered. o Final GRN and GDN and materials requisition numbers are noted. These numbers can then be used to subsequently check that purchases and sales have been recorded in the current period. o Arrangements should be made to ensure that the cut-off arrangement for inventories held by third parties are satisfactory. Ensure that there is no movement of inventory during the count. Assessing cost and net realisable value 129 ASSURANCE Auditors must understand how the company determines the cost of an item for inventory valuation purposes. Cost should include an appropriate proportion of overheads, in accordance with IAS 2. There are several ways of determining cost. Auditors must ensure that the company is applying the method consistently and that each year the method used gives a fair approximation to cost. They may need to support this by additional procedures: Reviewing price changes near the year-end Ageing the inventory held Checking gross profit margins to reliable management accounts The following items of inventory require specific valuation methods For raw materials and brought in components 'Cost' comprises the cost of purchase plus the costs of transportation. For work-in-progress and finished goods 'Cost' comprises the cost of purchase plus the costs of conversion. The cost of conversion comprises: o Costs specifically attributable to units of production o Production overheads o Other overheads attributable to bringing the product or service to its present location and condition Audit procedures Audit procedures will depend on the methods used by the client to value work-in-progress and finished goods, and on the adequacy of the system of internal control. General procedures Costing Check the reasonableness of the valuation of finished goods and work-in-progress. Perform analytical procedures to compare items and Ensure that a proportion of overheads appropriate to bringing the inventory to its present location and condition has been included. The basis of overhead allocation should be: Consistent with prior years Calculated on the normal level of production activity Overheads from reduced levels of activity, idle time or inefficient production should be written-off to the income statement, rather 130 ASSURANCE than being included in inventory. Difficulty may be experienced if the client operates a system of total overhead absorption. It will be necessary for those overheads that are of a general, nonproductive nature to be identified and excluded from the valuation. compare cost and net realisable value and ensure the lower value has been used Check for indicators that NRV has below cost as follows An increase in costs or a fall in selling price Physical deterioration Obsolescence of products A marketing decision to manufacture and sell products at a loss Errors in production or purchasing Realisable value testing 6.2.4 Receivables Receivables will generally be a material figure on a company's statement of financial position. You must ensure that you are fully conversant with the 'standard' procedures such as the confirmation of receivables. The receivables' confirmation is primarily designed to test the client's entitlement to receive the debt, not the customer's ability to pay. Auditors also need to consider cut-off for receivables. Sales testing is often carried out in conjunction with the audit of receivables as the two are linked. We also briefly consider the audit of prepayments which is normally carried out using analytical procedures Key areas when testing receivables are: Confirming that debts are indeed owed by customers Confirming that debts will be collected Based on the above objectives the key risks are due to: Debts may not be collected Amounts owing may not be agreed to by customers Audit objectives and assertions The following are audit objectives for tangible noncurrent assets and the related assertions that are made by management in the financial statements 131 ASSURANCE Financial statement Audit objective assertion Assertions about classes of All sales transactions recorded have occurred and relate Transactions to the entity (occurrence) All sales transactions that should have been recorded have been recorded (completeness) Amounts relating to transactions have been recorded appropriately (accuracy) All transactions have been recorded in the correct period (cut-off) All transactions are recorded properly (classification) Assertions about account Recorded receivables exist (existence) balances at the period-end The entity controls the rights to receivables and related accounts (rights and obligations) All receivables that should have been recorded have been recorded (completeness) Receivables are included in the accounts at the correct amounts (valuation and allocation) Assertions presentation disclosure about All disclosed events and transactions relating to and receivables have occurred and pertain to the entity (occurrence, rights and obligations) All disclosures required have been included (completeness) Financial information is appropriately presented and described and disclosures clearly expressed (classification and understandability) Financial and other information is disclosed Internal control considerations for receivables Key controls include Segregation of duties over taking orders, raising sales invoices and receiving and recording monies from customers The reconciliation of the aged receivables accounts with the receivables control account on a regular basis is a key control to highlight anomalies. Having numerically sequenced invoices which are matched to shipping documentation or goods despatched notes (GDNs). controls is over the completeness of sales, where the client performs a reconciliation between sales records outside of the accounting system and the sales in the financial statements 132 ASSURANCE All audit procedures are related to and verify management assertions in the financial statements. Assertions and related audit procedures for receivables affect both the financial position and the operating performance of an entity. These procedures are summarised below Assertion Audit procedure Receivables are completely recorded All reported exist receivables The company has adequate Agree the balance from the individual sales ledger accounts to the aged receivables' listing and vice versa. Match the total of the aged receivables' listing to the sales ledger control account. Cast and cross-cast the aged trial balance before selecting any samples to test. Trace a sample of shipping documentation to sales invoices and into the sales and receivables' ledger. Complete the disclosure checklist to ensure that all the disclosures relevant to receivables have been made. Compare the gross profit % by product line with the previous year and industry data. Compare the level of prepayments to the previous year to ensure the figure is materially correct and complete. � Review detailed statement of financial position to ensure all likely prepayments have been included. Existence Perform a receivables' circularisation on a sample of year-end trade receivables (see Section 3 for details of how to undertake the receivables' circularisation). Follow up all balance disagreements and non-replies to the receivables' confirmation. Perform alternative procedures for any exceptions and non-replies to the receivables' confirmation, such as: Review after-date cash receipts by inspecting bank statements and cash receipts documentation. Examine the customer's account and customer correspondence to assess whether the balance outstanding represents specific invoices and confirm their validity. Examine the underlying documentation (purchase order, dispatch documentation, duplicate sales invoice etc.). Inquire from management explanations for invoices remaining unpaid after subsequent ones have been paid. Observe whether the balance on the account is growing and if so, find out why by discussing with management. Review bank confirmation for any liens on receivables. 133 ASSURANCE legal rights and obligations to receivables Receivables are properly valued and allocated Receivables classified are properly Make inquiries of management, review loan agreements and review board minutes for any evidence of receivables being sold (e.g. to factors). Determine, through discussion with management, whether any receivables have been pledged, assigned or discounted and whether such items require disclosure in the financial statements. Compare receivables' turnover and receivables' days to the previous year and/or to industry data. Compare the aged analysis of receivables from the aged trial balance to the previous year. Review the adequacy of the allowance for uncollectable accounts through discussion with management. Compare the bad debt expense as a % of sales to the previous year and/or to industry data. Compare the allowance for uncollectable accounts as a % of receivables or credit sales to the previous year and/or to industry data. Confirm adequacy of allowance by reviewing correspondence with customers and solicitors. Examine credit notes issued after year-end for allowances that should be made against current period balances. Examine large customer accounts individually and compare to the previous year's balances. For a sample of old debts on the aged trial balance, obtain further information regarding their recoverability by discussions with management and review of customer correspondence. For a sample of prepayments from the prepayments' listing, recalculate the amount prepaid to ensure that it has been accurately calculated. For a sample of sales invoices around the year-end, inspect the dates and compare with the dates of dispatch and the dates recorded in the ledger for application of correct cut-off. For sales returns, select a sample of returns documentation around the year-end and trace to the related credit entries. For a sample of sales invoices, compare the prices and terms to the authorised price list and terms of trade documentation. Test whether discounts have been properly applied by recalculating them for a sample of invoices. 134 ASSURANCE Test the correct calculation of tax on a sample of invoices. Receivables occurred/arose during the period For a sample of sales transactions recorded in the ledger, vouch the sales invoice back to customer orders and dispatch documentation. Receivables are classified understandable Review the aged analysis of receivables for any large credits, non-trade receivables and long-term receivables and consider whether such items require separate disclosure. Read the disclosure notes relevant to receivables in the draft financial statements and review for understandability. properly and Confirmation of receivables When it is reasonable to expect responses from customers, assurance providers should obtain confirmations of amounts receivable balances. Confirmations satisfy the objective of testing whether customers exist and owe bona fide amounts to the company (existence and rights and obligations). Confirmations should take place immediately after the year end. Confirmations are the responsibility of the client who alone can authorise third parties to divulge information to the auditors. If management refuses for the auditor to seek the confirmation, the auditor shall inquire about management's reasons for the refusal and seek audit evidence regarding the validity and reasonableness of the reasons. They shall also evaluate the implications of the refusal on the assessment of the risk of material misstatement and on the nature, timing and extent of other audit procedures. The auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence. If the auditor concludes that the refusal is unreasonable, or the auditor cannot obtain relevant and reliable audit evidence elsewhere, the auditor shall communicate with those charged with governance in accordance with ISA 260 (Communication of audit matters with those charged with governance) and consider the implications for the auditor's report. Types of receivables confirmation When confirmation is undertaken the method of requesting information from the customer may be either positive or negative. Under the positive method the customer is requested to confirm the accuracy of the balance shown or state in what respect he is in disagreement. Under the negative method the customer is requested to reply only if the amount stated is disputed. 135 ASSURANCE The positive method is generally preferable as it is designed to encourage definite replies from those contacted. The confirmation can either indicate the balance or not indicate the balance. Where the balance is indicated there is a risk that the customer will reply without actually writing anywhere on the letter to show his acceptance of the balances. This risk can be mitigated by not indicating the clients balance and by asking the customer to insert the balance that they have. However this approach can lead to a lower response rate due to the work required to be done by the customer. The negative method provides less persuasive audit evidence and shall not be used as the sole substantive procedure to audit receivables unless all of the following are present: The risk of material misstatement has been assessed as low. The auditor has obtained sufficient appropriate audit evidence on the The population consists of a large number of small, homogeneous account balances. A very low exception rate is expected. The auditor is not aware of circumstances or conditions that would cause customers to disregard the requests. The statements will normally be prepared by the client's staff, from which point the auditors, as a safeguard against the possibility of fraudulent manipulation, must maintain strict control over the preparation and dispatch of the statements. Precautions must also be taken to ensure that undelivered items are returned, not to the client, but to the auditors' own office for follow-up by them. Below is an example of a confirmation letter ABC LIMITED 21 Glyn Jones Road, Blantyre Date Messrs (customer) In accordance with the request of our auditors, Auditwise Associates, we ask that you kindly confirm to them directly your indebtedness to us at [insert date] which, according to our records, amounted to K.......... as shown by the enclosed statement. If the above amount is in agreement with your records, please sign in the space provided below and return this letter direct to our auditors in the enclosed stamped addressed envelope. If the amount is not in agreement with your records, please notify our auditors directly of the amount shown by your records, and if possible detail on the reverse of this letter full particulars of the difference. 136 ASSURANCE Yours faithfully, For ABC Limited Reference No: ........................... ...................................................................................................................................................... ....... (Tear-off slip) The amount shown above is/is not * in agreement with our records as at Account No .............................. Signature ................................ Date .............................. Title or position ................................ * The position according to our records is shown overleaf. Notes The letter is on the client's paper, signed by the client. A copy of the statement is attached. The reply is sent directly to the auditor in a pre-paid envelope. Determining a sample for sending confirmations Auditors will normally only contact a sample of accounts receivable. If this sample is to yield a meaningful result it must be based upon a complete list of all accounts receivable. In addition, when constructing the sample, the following classes of account should receive special attention: Old, unpaid accounts Accounts written-off during the period under review Accounts with credit balances Accounts settled by round sum payments Accounts with nil balances Accounts which have been paid by the date of the examination Resolving responses and exceptions Auditors will have to carry out further work in relation to those receivables who: Disagree with the balance stated (positive and negative confirmation), resulting in exceptions Do not respond, resulting in non-responses In the case of disagreements, the customer response should have identified specific amounts which are disputed. The following are some reasons for customers to disagree 137 ASSURANCE There is a dispute between the client and the customer. The reasons for the dispute would have to be identified, and provision made if appropriate against the debt. Cut-off problems exist, because the client records the following year's sales in the current year or because goods returned by the customer in the current year are not recorded in the current year. Cut-off testing may have to be extended (see below). The customer may have sent the monies before the year-end, but the monies were not recorded by the client as receipts until after the year-end. Detailed cut-off work may be required on receipts. Monies received may have been posted to the wrong account or a cash-in-transit account. Auditors should check if there is evidence of other misposting. If the monies have been posted to a cash-in-transit account, auditors should ensure this account has been cleared promptly. Customers who are also suppliers may net-off balances owed and owing. Auditors should check that this is allowed. Teeming and lading, stealing monies and incorrectly posting other receipts so that no particular customer is seriously in debt is a fraud that can arise in this area. Teeming and lading involves an employee first stealing the cash receipts from a receivable (receivable 1) and not recording the receipt against the customer account. Then the employee receives more cash from another receivable (receivable 2) and allocates it against receivable 1 in order to conceal the stolen funds. Similarly, he or she then allocates Resolving non-responses In the case of non-responses, the ISA states that the auditor shall perform alternative audit procedures to obtain relevant and reliable audit evidence. These could include reviewing subsequent cash receipts, verifying valid purchase shipping documentation and Sales near the period-end. Checking if the balance on the account is growing, and if so, why Obtain explanations for invoices that remain unpaid after subsequent ones have been paid. 6.2.5 SALES Accounts' receivable will often be tested in conjunction with sales. Auditors are seeking to obtain evidence that sales pertain to the entity (occurrence), and are completely and accurately recorded. This will involve carrying out certain procedures to test for completeness of sales and also testing cut-off. We already looked at some audit procedures relating to sales earlier in this chapter (in the table in Section 2). However, we will now look in detail at some important procedures used when testing completeness and occurrence of sales. 138 ASSURANCE Completeness of sales Analytical review is important when testing completeness. A client is likely to have a great deal of information about company sales and should be able to explain any fluctuations and variances. Auditors should consider the following. The level of sales over the year, compared on a month-by-month basis with the previous year The effect on sales value of changes in quantities sold The effect on sales value of changes in products or prices The level of goods returned, sales allowances and discounts The efficiency of labour as expressed in sales or profit per tax per employee In addition auditors must record reasons for changes in the gross profit margin. Analysis of the gross profit margin should be as detailed as possible, ideally broken down by product area and month or quarter. As well as analytical review, auditors may feel that they need to carry out a directional test on completeness of recording of individual sales in the accounting records. To do this, auditors should start with the documents that first record sales (goods dispatched notes or till rolls for example), and trace sales recorded in these through intermediate documents such as sales summaries to the sales ledger. Auditors must ensure that the population of documents from which the sample is originally taken is itself complete, by checking for example the completeness of the sequence of goods dispatched notes. You must remember the direction of this test. Since we are checking the completeness of recording of sales in the sales ledger, we cannot take a sample from the ledger because the sample would not include what has not been recorded. 6.2.6 Cash and Bank Key areas when testing cash and bank are: Confirming balances directly with the bank Confirming the reasonableness of reconciling differences calculated by the client Confirming that any material balances held at the client are correctly valued. Based on the above objectives the key risks are due to: Not all bank balances owned by the client are disclosed in the financial statements Reconciliation differences between the bank balance and the cash book may not be properly resolved leading to misstatements in the cash balances Material cash floats may be omitted or misstated Audit objectives and assertions The following are audit objectives for cash and bank and the related assertions that are made by management in the financial statements 139 ASSURANCE Financial statement Audit objective assertion Cash balances existence Recorded cash balances exist at the period-end and balances and transactions are valid and actually exist. Cash balances are Recorded cash balances include the effects of all completely recorded transactions that have occurred Cash is properly valued Recorded cash balances are realisable at the amounts stated Cash is properly presented and disclosed Disclosures relating to cash are adequate and in accordance with accounting standards and legislation Internal control considerations for cash and bank The key control over cash and bank is performing bank reconciliations. However, only the year-end reconciliation will be reviewed by the auditor. Bank confirmation procedures The audit of bank balances will need to cover completeness, existence, rights and obligations and valuation. All of these assertions can be audited directly by obtaining third party confirmations from the client's banks and reconciling these with the accounting records, having regard to cut-off. Preparation of Bank letters The bank letter is used to ask a variety of questions, including queries about outstanding interests, contingent liabilities and guarantees. The auditors should determine which of the following approaches is the most appropriate in seeking confirmation of balances or other information from the bank: Listing balances and other information, and requesting confirmation of their accuracy and completeness, or Requesting details of balances and other information, which can then be compared with the requesting client's records The form and content of a confirmation request letter will depend on the purpose for which it is required and on local practices. The most commonly requested information is in respect of balances due to or from the client entity on current, deposit, loan and other accounts. The request letter should provide the account description number and the type of currency for the account. 140 ASSURANCE It may also be advisable to request information about nil balances on accounts, and accounts which were closed in the 12 months prior to the chosen confirmation date. The client entity may ask for confirmation not only of the balances on accounts but also, where it may be helpful, other information, such as the maturity and interest terms on loans and overdrafts, unused facilities, lines of credit/standby facilities, any offset or other rights or encumbrances, and details of any collateral given or received. The client entity and its auditors are likely to request confirmation of contingent liabilities, such as those arising on guarantees, comfort letter, bills and so on. Banks often hold securities and other items in safe custody on behalf of customers. A request letter may thus ask for confirmation of such items held by the bank. The procedure is simple but important, and outlined below. 1) The banks will require explicit written authority from their client to disclose the information requested. 2) The auditors' request must refer to the client's letter of authority and the date thereof. Alternatively it may be countersigned by the client or it may be accompanied by a specific letter of authority. (c) In the case of joint accounts, letters of authority signed by all parties will be necessary. (d) Such letters of authority may either give permission to the bank to disclose information for a specific request or grant permission for an indeterminate length of time. (e) The request should reach the branch manager at least one month in advance of the client's yearend and should state both that year-end date and the previous year-end date. (f) The auditors should themselves check that the bank response covers all the information in the standard and other responses. In determining which of the above approaches is the most appropriate, the auditors should weigh the quality of audit evidence they require in the particular circumstances against the practicality of obtaining a reply from the confirming bank. Difficulty may be encountered in obtaining a satisfactory response even where the client company submits information for confirmation to the confirming bank. It is important that a response is sought for all confirmation requests. Auditors should not usually request a response only if the information submitted is incorrect or incomplete. Auditors control and oversight over the confirmation process Control over the content and dispatch of confirmation requests is the responsibility of the auditors. 141 ASSURANCE However, it will be necessary for the request to be authorised by the client entity. Replies should be returned directly to the auditors and to facilitate such a reply, a pre-addressed envelope should be enclosed with the request. Bank reconciliation Care must be taken to ensure that there is no window dressing, by auditing cut-off carefully. Window dressing in this context is usually manifested as an attempt to overstate the liquidity of the company by: (a) Keeping the cash book open to take credit for remittances actually received after the year-end, thus enhancing the balance at bank and reducing receivables (b) Recording cheques paid in the period under review which are not actually dispatched until after the year-end, thus decreasing the balance at bank and reducing liabilities A combination of (a) and (b) can contrive to present an artificially healthy looking current ratio. With the possibility of (a) above in mind, where lodgements have not been cleared by the bank until the new period, the auditors should examine the paying-in slip to ensure that the amounts were actually paid into the bank on or before the period-end date. As regards (b) above, where there appears to be a particularly large number of outstanding cheques at the year-end, the auditors should check whether these were cleared within a reasonable time in the new period. If not, this may indicate that dispatch occurred after the year-end. Detailed Audit procedures over cash and Bank Obtain standard bank confirmations from each bank with which the client conducted business during the audit period. Reperform arithmetic of bank reconciliation. Trace cheques shown as outstanding from the bank reconciliation to the cash book prior to the year-end and to the after-date bank statements and obtain explanations for any large or unusual items not cleared at the time of the audit. Compare cash book(s) and bank statements in detail for the last month of the year, and match items outstanding at the reconciliation date to bank statements. Review bank reconciliation previous to the year-end bank reconciliation and test whether all items are cleared in the last period or taken forward to the year-end bank reconciliation. Obtain satisfactory explanations for all items in the cash book for which there are no corresponding entries in the bank statement and vice versa by discussion with finance staff. Verify contra items appearing in the cash books or bank statements with original entry. Verify by inspecting paying-in slips that uncleared bankings are paid in prior to the yearend. ASSURANCE 142 Examine all lodgements in respect of which payment has been refused by the bank ensure that they are cleared on representation or that other appropriate steps have b taken to effect recovery of the amount due. Verify balances per the cash book according to the bank reconciliation by inspectin book, bank statements and general ledger. Verify the bank balances with reply to standard bank letter and with the bank state Inspect the cash book and bank statements before and after the year-end for except entries or transfers which have a material effect on the balance shown to be in-han Identify whether any accounts are secured on the assets of the company by discuss with management. Consider whether there is a legal right of set-off of overdrafts against positive bank balances. Determine whether the bank accounts are subject to any restrictions by inquiries w management. Review draft accounts to ensure that disclosures for bank are complete and accurat in accordance with accounting standards. Cash on hand Cash on hand includes relates to petty cash, or cash receipts from cash sales. Cash fro sales can be tested by testing controls over sales. Cash on hand relating to cash flo have specific procedures as discussed below Planning for cash counts Planning is an essential element, as it is important that all cash balances are counte same time as far as possible. Cash in this context may include unbanked cheques re IOUs and credit card slips, in addition to notes and coins. As part of their planning procedures the auditors will need to determine the location cash is held and which of these locations warrant a count. Planning decisions will need to be recorded on the current audit file including: The precise time of the count(s) and location(s) The names of the audit staff conducting the counts The names of the client staff intending to be present at each location Where a location is not visited it may be appropriate to obtain a letter from th confirming the balance. The following matters apply to the count itself. All cash/petty cash books should be written up to date in ink (or other permanent at the time of the count. All balances must be counted at the same time. All negotiable securities must be available and counted at the time the cash bala counted. ASSURANCE 143 k; been Detailed Audit procedures over cash on hand ng cash ements. tional nd. sion with te and ed at the eceived, ns where Count cash balances held and agree to petty cash book or other record: o Count all balances simultaneously o All counting to be done in the presence of the individuals responsible o Enquire into any IOUs or cashed cheques outstanding for a long period of time Obtain certificates of cash-in-hand from responsible officials. Confirm that bank and cash balances as reconciled above are correctly stated in the financial statements Follow up k om cash oats will At no time should the auditors be left alone with the cash and negotiable securities. All cash and securities counted must be recorded on working papers subsequently filed on the current audit file. Reconciliations should be prepared where applicable (for example, imprest petty cash float). 6.2.7 Obtain certificates of cash-in-hand as appropriate. Verify unbanked cheques/cash receipts have subsequently been paid in and agree to the bank reconciliation by inspection of the relevant documentation. Ensure IOUs and cheques cashed for employees have been reimbursed. Review whether IOUs or cashed cheques outstanding for unreasonable periods of time have been provided for. Verify the balances as counted are reflected in the accounts (subject to any agreed amendments because of shortages and so on) by inspection of draft financial statements. Payables Key areas when testing payables and liabilities are: Ensuring that all liabilities are included Confirming that all liabilities are bona fide owed by the company Based on the above objectives the key risks are due to: The entity may understate its liabilities in the financial statements There may be incorrect cut off over goods inward and recording of related liabilities Liabilities that ought to be derecognised may be reported. Audit objectives and assertions The following are audit objectives for tangible noncurrent assets and the related assertions that are made by management in the financial statements. he client t form) 144 ances are ASSURANCE Financial statement Audit objective assertion Assertions about classes of All purchase transactions recorded have occurred and Transactions relate to the entity (occurrence) All purchase transactions that should have been recorded have been recorded (completeness) Amounts relating to transactions have been recorded appropriately (accuracy) Purchase transactions have been recorded in the correct period (cut-off) Purchase transactions are recorded properly in the accounts (classification) Assertions about account Trade payables and accrued expenses are valid balances at the period-end liabilities (existence) Trade payables and accrued expenses are the obligations of the entity (rights and obligations) All liabilities have been recorded (completeness) All liabilities are included in the accounts at appropriate amounts (valuation and allocation) Assertions about All disclosed events and transactions relating to presentation and disclosure liabilities have occurred and relate to the entity (occurrence and rights and obligations) All disclosures required have been included (completeness) Financial information is appropriately presented and described and disclosures clearly expressed (classification and understandability) Financial information is disclosed fairly and at appropriate amounts (accuracy and valuation) Internal control considerations for payables Key controls relate to those applicable to the purchases system including ensuring purchases were authorised the segregation of duties matching GRNs with invoices, and; Prompt recording to minimise cut-off issues. Preparation and reconciliation of supplier statements to the ledger (explained further below). 145 ASSURANCE Reconciliations of accounts payables with suppliers' statements The most important control is comparison of the suppliers’ statements with payables ledger balances. This is a control that is done by the client himself. Supplier’s statements are strong source of evidence because they are independently prepared by a third party and confirm the existence, completeness and valuation of payables balances. Care should be taken to ensure that originals are used to avoid the possibility of client tampering with the statements. Therefore faxed copies should not be used. Selection of accounts to test should include the following Accounts with major suppliers regardless of amount. Specific selection of nil or positive balances and not only large amounts. Specifically select low balances with major suppliers The reason for this approach is that the risk on payable is the understatement of payables therefore the risk is that a liability has not been recorded and focus should then not be on the “large” amounts “already recorded”. Confirmation of payables Confirmation of amounts payable is generally not done. This is because there are alternative procedures that can be used to verify the payables balances. This includes reliance on third party independent information from invoices and suppliers statements. When the auditor decides to confirm payables, he will usually send a blank confirmation that does not state the balance owed but requires the supplier to declare the amount owed and to provide a detailed statement of account. Once received it is reconciled with the entity’s records. This type of confirmation is a positive confirmation. Audit procedures for payables The procedures for accounts payable and accruals are summarised in the table below. Many of the procedures in the table below are applicable to the related statement of profit or loss items, since the figures in that statement constitute the movement between the current and previous year’s statement of financial position balances. Some are also procedures relating to statement of profit or loss figures which indirectly give evidence over the year end balances. Assertion Audit procedure Payables are completely recorded Obtain a listing of trade accounts payables and agree the total to the general ledger by casting and cross-casting. Test for unrecorded liabilities by inquiries of management on how unrecorded liabilities and accruals are identified and examining post yearend transactions. 146 ASSURANCE Reported payables actually exist Obtain selected suppliers' statements and reconcile these to the relevant suppliers' accounts (see Section 2.3 for details of suppliers' statements). Examine files of unmatched purchase orders and supplier invoices for any unrecorded liabilities. Perform a confirmation of accounts payables for a sample (see Section 2.2 for details of the accounts payables' confirmation). Complete the disclosure checklist to ensure that all the disclosures relevant to liabilities have been made. Compare the current year balances for trade accounts payables and accruals to the previous year. Compare the amounts owed to a sample of individual suppliers in the trade accounts payables listing to amounts owed to these suppliers in the previous year. Compare the payables' turnover and payables' days to the previous year and industry data. Reperform casts of payroll records to confirm completeness and accuracy. Confirm payment of net pay per payroll records to cheque or bank transfer summary. Agree net pay per cashbook to payroll. Inspect payroll for unusual items and investigate them further by discussion with management. Perform proof-in-total (analytical procedures) on payroll and compare to figure in draft financial statements to assess reasonableness. Vouch selected amounts from the trade accounts payables listing and accruals listing to supporting documentation such as purchase orders and suppliers' invoices. Obtain selected suppliers' statements and reconcile these to the relevant suppliers' accounts. Perform a confirmation of accounts payables for a sample. Perform analytical procedures comparing current year balances to the previous year to confirm reasonableness, and also calculating payables' turnover and comparing to the previous year. The client has bona fide obligations to settle payables Vouch a sample of balances to supporting documentation such as purchase orders and suppliers' invoices to obtain audit evidence regarding rights and obligations. Payables are properly valued and allocated Trace selected samples from the trade accounts payables listing and accruals listing to the supporting documentation (purchase orders, minutes authorising expenditure, suppliers' invoices etc.). 147 ASSURANCE Payables are properly cut-off Payables are accurately recorded Obtain selected suppliers' statements and reconcile these to the relevant suppliers' accounts. For a sample of accruals, recalculate the amount of the accrual to ensure the amount accrued is correct. Compare the current year balances for trade accounts payables and accruals to the previous year. Compare the amounts owed to a sample of individual suppliers in the trade accounts payables listing to amounts owed to these suppliers in the previous year. Compare the payables' turnover and payables' days to the previous year and industry data. For a sample of vouchers, compare the dates with the dates they were Recorded in the ledger for application of correct cut-off. Test transactions around the year-end to determine whether amounts have been recognised in the correct financial period. Perform analytical procedures on purchase returns, comparing the purchase returns as a % of sales or cost of sales to the previous year. Recalculate the mathematical accuracy of a sample of suppliers' invoices to confirm the amounts are correct. Recast calculation of remuneration. Reperform calculation of statutory deductions to confirm whether correct. Confirm validity of other deductions by agreeing to supporting documentation. Recast calculation of other deductions. Reported payables are valid and actually occurred Review the trade accounts payables listing to identify any large debits (which should be reclassified as receivables or deposits) or long-term liabilities which should be disclosed separately. Read the disclosure notes relevant to liabilities in the draft financial statements and review for understandability. Payables are accurate and properly valued Read the disclosure notes to ensure the information is accurate and Properly presented at the appropriate amounts. Although the procedures above include details of some procedures which give evidence over items in the statement of profit or loss, the following are procedures specifically related to the audit of purchases and other expenses: Inspect a sample of purchase invoices to ensure they agree to the amount posted to the general ledger. 148 ASSURANCE Compare expenses making up administrative expenses to the prior year charge and to expectations on a line by line basis. Where differences from expectations are discovered they should be investigated. Inquire of management whether there are any unsettled claims or obligations arising before the year end and ensure these are provided for (to give evidence over the completeness of the charge in the related expense category in the statement of profit or loss) Recalculate accruals and prepayments to gain evidence that other expenses are not over or understated. Compare gross profit margin with the previous year, the gross margin per the budget and expectations. Investigate any unexpected fluctuations. One expense that may make up a significant proportion of expenses is the wages cost included in statement of profit or loss. It is important you know procedures that can be used when auditing this area. Although a number of these are included in the table on the previous page as they are related to the SOFP balances, they are reproduced here for clarity along with other relevant procedures: Reconcile the gross costs on the payroll to the wages cost in the financial statements. Reperform casts of payroll records to confirm completeness and accuracy of costs used as a basis for the journals to the financial statements Confirm payment of net pay per payroll records to cheque or bank transfer summary. Inspect payroll for unusual items and investigate them further by discussion with management. Perform proof-in-total (analytical procedures) on payroll by multiplying estimated average wage (using last year’s figures plus expected increases) by average number of employees (therefore incorporating starters and leavers) and compare to figure in draft financial statements to assess reasonableness. Reperform calculations of statutory deductions to establish whether valid deductions have been included in the payroll expense. 6.2.8 Long term liabilities Long term liabilities are usually authorised by the board and should be well documented. Key areas when testing payables and liabilities are: Ensuring that all liabilities are included Confirming that all liabilities are bona fide owed by the company Based on the above objectives the key risks are due to: The entity may not disclose all long term liabilities Interest payable may not be calculated correctly Interest may not be included in the correct accounting period Disclosures on payables may be incorrect. 149 ASSURANCE The major complication for the auditors is that debenture and loan agreements frequently contain conditions with which the company must comply, including restrictions on the company's total borrowings and adherence with specific borrowing ratios. Audit objectives and assertions The following are audit objectives for long term liabilities and the related assertions that are made by management in the financial statements Financial assertion Completeness Accuracy Classification understandability statement Audit objective all non-current liabilities have been disclosed interest payable has been calculated correctly and included in the correct accounting period and whether long-term loans and interest have been correctly disclosed in the financial statements Substantive procedures over long term liabilities Obtain/prepare schedule of loans outstanding at the year-end date showing, for each loan: name of lender, date of loan, maturity date, interest date, interest rate, balance at the end of the period and security. Compare opening balances to previous year's papers. Test the clerical accuracy of the analysis. Compare balances to the general ledger. Agree name of lender etc., to register of debenture holders or equivalent (if kept). Trace additions and repayments to entries in the cash book. Confirm repayments are in accordance with loan agreement. Examine cancelled cheques and memoranda of satisfaction for loans repaid. Verify that borrowing limits imposed by agreements are not exceeded. Examine signed Board minutes relating to new borrowings/repayments. Obtain direct confirmation from lenders of the amounts outstanding, accrued interest and what security they hold. Verify interest charged for the period is in accordance with statements and supporting agreements, and consistent with known interest rates. Consider the adequacy of accrued interest. Confirm assets charged have been entered in the register of charges and notified to the Registrar. Review restrictive covenants and provisions relating to default: – Review any correspondence relating to the loan – Review confirmation replies for non-compliance – If a default appears to exist, determine its effect, and schedule findings Review minutes, cash book to confirm that all loans have been recorded. Review draft accounts to ensure that disclosures for non-current liabilities are correct and in accordance with accounting standards. Any elements repayable within one year should be classified under current liabilities. 150 ASSURANCE 6.2.9 Provisions and contingencies The accounting treatments for provisions and contingencies are complex and involve judgement and this can make them difficult to audit however, the treatment should be in accordance with IAS 37 provisions. Examples of the principal types of contingencies disclosed by companies are: Guarantees (for group companies, of staff pension schemes, of completion of contracts) Discounted bills of exchange Uncalled liabilities on shares or loan inventory Lawsuits or claims pending Options to purchase assets Audit procedures for contingencies The following are procedures that can be performed for contingencies Make appropriate inquiries of management and others including in-house legal advisers. Review minutes of meetings of those charged with governance and correspondence between the entity and its external legal advisers. Review legal expense accounts. Use any information obtained regarding the entity's business including information obtained from discussions with any in-house legal department When matters are identified send a letter of enquiry to the client’s legal counsel. This can be a o general letter of enquiry requesting information on general legal matters or o specific letter of enquiries which has list of litigation and claims, management’s assessment of outcome and costs A request that the legal counsel comment on the reasonability of management’s assessment. Audit procedures for provisions The following are procedures that can be performed for contingencies Obtain details of all provisions which have been included in the accounts and all contingencies that have been disclosed. Obtain a detailed analysis of all provisions showing opening balances, movements and closing balances. Determine for each material provision whether the company has a present obligation as a result of past events by: o Review of correspondence relating to the item o Discussion with the directors. Have they created a valid expectation in other parties that they will discharge the obligation? 151 ASSURANCE Determine for each material provision whether it is probable that a transfer of economic benefits will be required to settle the obligation by: o Checking whether any payments have been made in the post year-end period in respect of the item by reviewing after-date cash o Review of correspondence with solicitors, banks, customers, insurance company and suppliers both pre and post year-end o Sending a letter to the solicitor to obtain his views (where relevant) o Discussing the position of similar past provisions with the directors. Were these provisions eventually settled? o Considering the likelihood of reimbursement Recalculate all provisions made. o Compare the amount provided with any post year-end payments and with any amount paid in the past for similar items. o In the event that it is not possible to estimate the amount of the provision, check that a contingent liability is disclosed in the accounts. Consider the nature of the client's business. Would you expect to see any other provisions e.g. warranties? Consider the adequacy of disclosure of provisions, contingent assets and contingent liabilities in accordance with IAS 37. 6.2.10 Capital and Other Issues The main concern with share capital and reserves is that the company has complied with the law. The issued share capital must be agreed in total with the share register. An examination of transfers on a test basis should be made in those cases where a company handles its own registration work. Where the registration work is dealt with by independent registrars, auditors will normally examine the reports submitted by them to the company, and obtain from them at the year-end a certificate of the share capital in issue. Auditors should check carefully whether clients have complied with local legislation about share issues or purchase of own shares. Auditors should take particular care if there are any movements in reserves that cannot be distributed, and should confirm that these movements are valid. The following are audit procedures for capital Balance/Transaction Audit procedure Share capital Issue of shares Agree the authorised share capital with the statutory documents governing the company's constitution. Agree changes to authorised share capital with properly authorised resolutions. Verify any issue of share capital or other changes during the year with general and board minutes. 152 ASSURANCE Transfer of Shares Dividends Reserves 6.2.11 Ensure issue or change is within the terms of the constitution, and directors possess appropriate authority to issue shares. Confirm that cash or other consideration has been received or receivable(s) is included as called-up share capital not paid. Verify transfers of shares by reference to: o Correspondence o Completed and stamped transfer forms o Cancelled share certificates o Minutes of directors' meeting Review the balances on shareholders' accounts in the register of members and the total list with the amount of issued share capital in the general ledger. PLAN: CAPITAL AND RELATED ISSUES Agree movements on reserves to supporting authority. Ensure that movements on reserves do not contravene the legislation and the company's constitution by reviewing the legislation. Confirm that the company can distinguish distributable reserves from those that are non-distributable. Ensure appropriate disclosures of movements on reserves are made in the company's accounts by inspection of the financial statements. Agree movements on reserves to supporting authority. Ensure that movements on reserves do not contravene the legislation and the company's constitution by reviewing the legislation. Confirm that the company can distinguish distributable reserves from those that are non-distributable. Ensure appropriate disclosures of movements on reserves are made in the company's accounts by inspection of the financial statements. Directors Emoluments The main concern with directors’ emoluments is to make sure the disclosure of directors' emoluments is complete, accurate, and compliant with both applicable accounting standards and local legislation. The shareholders and other users of the financial statements will be very interested in how much of the company's wealth is being paid out to the directors and this area will always be a material one. The area of directors' emoluments is said to be material by nature. International Financial Reporting Standards also require compensation payments to key management personnel to be disclosed per the requirements of IAS 24 Related party disclosures. 153 ASSURANCE The following payments and benefits a company needs to disclose in respect of management and the board. a) Short-term employee benefits, such as wages, salaries and social security contributions, paid annual leave and paid sick leave, profit-sharing and bonuses and non-monetary benefits for current employees b) Post-employment benefits such as pensions, other retirement benefits, post-employment life insurance and post-employment medical care c) Other long-term employee benefits, including long-service benefits, and deferred compensation d) Termination benefits e) Share-based payments The following are audit procedures for directors’ emoluments For each director, obtain a schedule of emoluments for the year, split between wages, bonuses, benefits, pension contributions and other emoluments. Check the addition of the schedule and ensure the totals are in agreement with the disclosure in the financial statements. Ask each individual director to confirm the emoluments listed are complete and in line with their expectations. Compare the emoluments with both the previous year's emoluments and with expectations, taking into account the knowledge obtained during the audit (for example if you know a director has left during the year, is there any compensation for loss of office expected?). Agree salaries, fees, bonuses and pension contributions to payroll records for the individual directors and check the amounts paid on the bank statements agree with the payroll records. Review the directors’ contracts and ensure emoluments are consistent with the terms of these contracts. Review board meeting minutes and meetings of any remuneration committee for evidence of any bonuses, fees or other emoluments not disclosed. Review the cash book for any unusual transactions which suggest undisclosed directors’ emoluments. Obtain and review returns to tax authorities made on behalf of the directors by the company which detail non cash benefits. Ensure these are consistent with the benefits disclosed in the financial statements. Consider the adequacy of disclosure of directors’ emoluments in accordance with applicable accounting standards and local legislation, including the separate disclosure of amounts due to or from directors in respect of director's emoluments. End of Chapter Summary The key issues to consider are as listed: Non current assets: existence, rights and obligations, completeness, and valuation. Information to verify these can be sourced from third party valuations, invoices, inspections by the auditor, client schedules and calculations. 154 ASSURANCE Inventories: existence and valuation. Information to verify these can be sourced from auditor’s attendance at the inventory count, client controls over inventory count and client production records. Receivables: rights and obligations, valuation. Information to verify these can be sourced from third party confirmations and payments after year end. Bank: rights and obligations, valuation. Information to verify these can be sourced from independent bank confirmations, bank reconciliations and client scheduloes. Payables: rights and obligations, completeness, valuation. Information to verify these can be sourced from third party supplier statements and invoices. Long term liabilities: rights and obligations, completeness, valuation/accuracy, and disclosure. Information to verify these can be sourced from loan agreements, loan confirmations from lenders, board minutes client schedule, and client calculations. Income statement items: occurrence, completeness, valuation/accuracy, disclosure and cut off. 155 ASSURANCE CHAPTER 7: FINANCIAL STATEMENTS: FINALISATION AUDIT REVIEW AND Topic List 1. 2. 3. 4. 5. 6. 7. 8. 9. Introduction; General overall review; Review for consistency and reasonableness; Evaluation of misstatements; Review of subsequent events; Review of going concern; Written representation; Chapter summary; and End of chapter questions. Learning Outcomes By the end of this chapter students will be able to: Explain the general and overall audit evaluation and review procedures that are carried out at the end of the audit; and Explain the other more specific evaluations and reviews that are carried out, including the review of the following: Opening balances, comparatives, other non-financial information, subsequent events and the audit client’s going concern. 156 ASSURANCE 7.1 Introduction At the end of the audit a series of reviews and evaluations are carried out by the audit manager and finally by the engagement partner. The objective of these assessments is to assess the appropriateness and sufficiency of the audit evidence collected in accordance with the audit plan. Once the engagement partner has finished his review and is satisfied with the audit evidence collected, the audit opinion is expressed. The reviews would sometimes indicate the need for more evidence to be collected by the audit team before the opinion is expressed; this can be through the performance of additional or alternative procedures on some of the audit sections. The reviews that take place during the completion stage of the audit include subsequent events and going concern. These are both important disclosure issues in the financial statements, because if the disclosures are not correct, this will impact on the auditor's report. We also consider the use and reliability of written representations from management as audit evidence. Financial reporting knowledge is particularly important at the review stage of the audit. Auditors need to be able to interpret accounts and understand the requirements of specific accounting standards. Analytical procedures must be used when undertaking the final review of the financial statements. 7.2 General and overall reviews Once most of the substantive audit procedures have been carried out, the auditors will have a draft set of financial statements which should be supported by appropriate and sufficient audit evidence. At the beginning of the end of the audit process, it is usual for the auditors to undertake an overall review of the financial statements. This review of the financial statements, in conjunction with the conclusions drawn from the other audit evidence obtained, gives the auditors a reasonable basis for their opinion on the financial statements. It should be carried out by a senior member of the audit team, with appropriate skills and experience. The auditors should consider whether: 1) The information presented in the financial statements is in accordance with local/national statutory requirements. 2) The accounting policies employed are in accordance with accounting standards, properly disclosed, consistently applied and appropriate to the entity. When examining the accounting policies, auditors should consider: 1) Policies commonly adopted in particular industries 2) Policies for which there is substantial authoritative support 3) Whether any departures from applicable accounting standards are necessary for the financial statements to give a true and fair view 157 ASSURANCE 4) Whether the financial statements reflect the substance of the underlying transactions and not merely their form When compliance with local/national statutory requirements and accounting standards is considered, the auditors may find it useful to use a checklist. 7.3 Review for consistency and reasonableness The auditors should consider whether the financial statements are consistent with their knowledge of the entity's business and with the results of other audit procedures, and the manner of disclosure is fair. This can be done by applying analytical procedures at or near the end of the audit in accordance with ISA 520 Analytical procedures which states that the auditor shall design and perform analytical procedures near the end of the audit that assist in forming an overall conclusion as to whether the financial statements are consistent with the auditor's understanding of the entity. The principal considerations are as follows. a) Whether the financial statements adequately reflect the information and explanations previously obtained and conclusions previously reached during the course of the audit b) Whether it reveals any new factors which may affect the presentation of, or disclosure in, the financial statements c) Whether analytical procedures applied when completing the audit, such as comparing the information in the financial statements with other pertinent data, produce results which assist in arriving at the overall conclusion as to whether the financial statements as a whole are consistent with their knowledge of the entity's business d) Whether the presentation adopted in the financial statements may have been unduly influenced by the directors' desire to present matters in a favourable or unfavourable light e) The potential impact on the financial statements of the aggregate of uncorrected misstatements (including those arising from bias in making accounting estimates) identified during the course of the audit and the preceding period's audit, if any The analytical review at the final stage should cover the following: Important accounting ratios Related items Changes in products/customers Price and mix changes Wages changes Variances Trends in production and sales Changes in material and labour content of production 158 ASSURANCE Other expenditure in the statement of profit or loss Variations caused by industry or economy factors As at other stages of the audit process, significant fluctuations and unexpected relationships must be investigated by inquiries of management and obtaining appropriate audit evidence relevant to management's responses, and performing other audit procedures considered necessary. 7.4 Review for consistency of accounting policies Auditors should therefore consider whether new accounting policies are appropriate, whether matters in financial statements are consistent with each other, and whether the financial statements give a true and fair view. 7.5 Evaluation of Misstatements During the course of the audit some audit misstatements are communicated to the client and these are adjusted before producing the final draft Financial Statements that are given to the auditors. The auditor is required to evaluate the impact of these misstatements. The guidance used in the evaluation is ISA 450 Evaluation of misstatements identified during the audit. This standard classifies misstatements in the following categories Factual misstatements (misstatements about which there is no doubt) Judgemental misstatements (misstatements arising from management's judgement concerning accounting estimates or accounting policies) and projected misstatements (the auditor's best estimate of misstatements arising from sampling populations). ISA 450 Requires these errors to be communicated to management and to request management to correct those misstatements. If management refuses, the auditor must establish the reasons why and consider this when evaluating whether the financial statements as a whole are free from material misstatement. Auditors shall also consider whether the aggregate of uncorrected misstatements in the financial statements is material, having first reassessed materiality in accordance with ISA 320 Materiality in planning and performing an audit to confirm that it is still appropriate. When determining whether uncorrected misstatements are material (individually or in aggregate), the auditor shall consider the size and nature of the misstatements and the effect of uncorrected misstatements related to prior periods on the financial statements as a whole. 7.6 Uncorrected misstatements ISA 450 requires the auditor to communicate uncorrected misstatements and their effect to those charged with governance, with material uncorrected misstatements being identified individually. The auditor shall request uncorrected misstatements to be corrected. The auditor shall also communicate the effect of uncorrected misstatements relating to prior periods. 159 ASSURANCE The auditor shall request a written representation from management and those charged with governance whether they believe the effects of uncorrected misstatements are immaterial (individually and in aggregate) to the financial statements as a whole. A summary of these items shall be included in or attached to the representation. ISA 450 also requires the auditor to document the following information: The amount below which misstatements would be regarded as clearly trivial All misstatements accumulated during the audit and whether they have been corrected The auditor's conclusion as to whether uncorrected misstatements are material and the basis for that conclusion The guidance from ISA 320, Audit materiality is as follows: ASSESSING MATERIALITY OF MISSTAMENTS In evaluating whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework, the auditor should assess whether the aggregate of uncorrected misstatements that have been identified during the audit is material. - ISA 320.12 EFFECT OF ERRORS ON THE AUDIT OPINION If management refuses to adjust the financial statements and the results of extended audit procedures do not enable the auditor to conclude that the aggregate of uncorrected misstatements is not material, the auditor should consider the appropriate modification to the auditor’s report in accordance with ISA 700, “The Auditor’s Report on Financial Statements.” - ISA 320.15 7.7 Review of subsequent events Subsequent events are events occurring between the period-end and the date of the auditor's report and also include facts discovered after the auditor's report has been issued. Auditors shall consider the effect of such events on the financial statements and on their audit opinion. IAS 10 Events after the reporting period deals with the treatment in the financial statements of events, both favourable and unfavourable, occurring after the period-end. There are two types of event defined by IAS 10: Those that provide evidence of conditions that existed at the year-end date (adjusting events) Those that are indicative of conditions that arose after the year-end date (non-adjusting events) 160 ASSURANCE Students should be able to distinguish between adjusting and non-adjusting as illustrated below: Adjusting events Non adjusting events Settlement of a court case Dividend declaration after year end Sale of inventory after year-end providing Fire causing damage to plant evidence of its NRV at year-end Fraud or error showing the accounts are Announcement of a major restructuring incorrect Audit procedures Auditors have a responsibility to review subsequent events before they sign the auditor's report, and may have to take action if they become aware of subsequent events between the date they sign the auditor's report and the date the financial statements are issued. The auditor will therefore perform audit procedures with the objective of Obtaining sufficient appropriate audit evidence about whether events occurring between the date of the financial statements and the date of the auditor's report that need adjustment or disclosure in the financial statements are properly reflected in the financial statements Responding appropriately to facts that become known to the auditor after the date of the auditor's report which may have caused the auditor to amend the auditor's report if they were known to the auditor at the date of the report Auditors’ duties are illustrated in the diagram below 7.7.1 Events occurring up to the date of the auditor's report ISA 560: Subsequent events lists procedures to identify subsequent events which may require adjustment or disclosure. They should be performed as near as possible to the date of the auditors' report. Make inquiries of management whether Status of items involving subjective judgement Status of items accounted for using preliminary or inconclusive data 161 ASSURANCE Whether there are any new commitments, borrowings or guarantees Whether there have been any: o Sales or destruction of assets o Issues of shares/debentures or changes in business structure o Developments involving risk areas, provisions and contingencies o Unusual accounting adjustments o Major events (e.g. going concern problems) affecting appropriateness of o accounting policies for estimates o Litigations or claims Other Procedures Review management procedures for identifying subsequent events to ensure that such events are identified. Read minutes of general board/committee meetings and enquire about unusual items. Review latest available interim financial statements and budgets, cash flow forecasts and other management reports. Obtain evidence concerning any litigation or claims from the company's solicitors (only with client permission). Obtain written representation that all events occurring subsequent to the period-end which need adjustment or disclosure have been adjusted or disclosed. 7.7.2 Facts discovered after the date of the auditor's report but before the financial statements are issued Because the financial statements are the management's responsibility. Management should therefore inform the auditors of any material subsequent events between the date of the auditors' report and the date the financial statements are issued. The auditor does not have any obligation to perform procedures, or make enquiries regarding the financial statements, after the date of the report. However if the auditor becomes aware of a fact that, had it been known to the auditor at the date of the auditor's report, may have caused the auditor to amend the auditor's report, the auditor shall: Discuss the matter with management and those charged with governance. Determine whether the financial statements need amendment. If amendment is required, inquire how management intends to address the matter in the financial statements. If amendment is required to the financial statements and management makes the necessary changes, the auditor must carry out a number of procedures: Undertake any necessary audit procedures on the changes made. 162 ASSURANCE Extend audit procedures for identifying subsequent events that may require adjustment of or disclosure in the financial statements to the date of the new auditor's report. Provide a new auditor's report on the amended financial statements. If management does not amend the financial statements: If the auditor's report has not yet been provided to the entity, the auditor shall modify the opinion and then provide the auditor's report. If the auditor's report has already been provided to the entity, the auditor shall notify management and those charged with governance not to issue the financial statements before the amendments are made; but if the financial statements are issued anyway, the auditor shall take action to seek to prevent reliance on the auditor's report. 7.7.3 Facts discovered after the financial statements have been issued Auditors have no obligations to perform procedures or make enquiries regarding the financial statements after they have been issued. However if the auditor becomes aware of a fact that, had it been known to the auditor at the date of the auditor's report, may have caused the auditor to amend the auditor's report, the auditor shall: Discuss the matter with management and those charged with governance. Determine whether the financial statements need amendment. If amendment is required, inquire how management intends to address the matter in the financial statements. If management amends the financial statements, the auditor shall carry out any necessary procedures on the amendment and review the steps taken by management to ensure that anyone in receipt of the previously issued financial statements is informed. The auditor shall also issue a new or amended auditor's report, which will include an explanatory paragraph (known as an emphasis of matter paragraph or other matter paragraph) that refers to a note in the financial statements that discusses the reason for the amendment. Audit procedures will be extended up to the date of the new report. If management does not take the necessary steps, the auditor shall notify management and those charged with governance that the auditor will seek to prevent future reliance on the report. If management still does not act, the auditor shall take appropriate action to seek to prevent reliance on the auditor's report. 7.8 Review of going concern The financial statements should be prepared on the going concern basis unless management either intends to liquidate the entity or has no realistic alternative but to do so. Under the going concern assumption, an entity is viewed as continuing in business for the foreseeable future. When the use of the going concern assumption is appropriate, assets and 163 ASSURANCE liabilities are recorded on the basis that the entity will be able to realise its assets and discharge its liabilities in the normal course of business. If the going concern basis is not appropriate the financial statements are prepared using on a break-up basis. This impact on the financial statements is significant. According to ISA 570: Going Concern The audit objectives regarding going concern are therefore: To obtain sufficient appropriate audit evidence regarding the appropriateness of management's use of the going concern assumptions To conclude whether a material uncertainty exists related to events or conditions that may cast significant doubt on the entity's ability to continue as a going concern To determine the implications for the auditor's report ISA 570 Also gives the following indicators of going concern problems, categorised as operational, financial and other as follows: Operational o Management intentions to liquidate or cease operations o Loss of key management without replacement o Loss of a major market, key customers, licence, or principal suppliers o Labour difficulties o Shortages of important supplies o Emergence of a highly successful competitor Financial o Net liability or net current liability position o Fixed-term borrowings approaching maturity without realistic o prospects of renewal or repayment o Indications of withdrawal of financial support by creditors o Negative operating cash flows (historical or prospective) o Adverse key financial ratios o Substantial operating losses or significant deterioration in the o value of assets used to generate cash flows o Arrears or discontinuance of dividends o Inability to pay creditors on due dates o Inability to comply with terms of loan agreements o Change from credit to cash-on-delivery transactions with suppliers o Inability to obtain financing for essential new product development o or other essential investments Other o o o o Non-compliance with capital or other statutory requirements Pending legal or regulatory proceedings against the entity that may, if successful, result in claims that the entity is unlikely to be able to satisfy Changes in laws/regulations/government policy expected to adversely affect the entity Uninsured or underinsured catastrophes when they occur 164 ASSURANCE 7.8.1 Respective responsibilities for going concern Both management and the auditor have a responsibility regarding going concern as follows: Management’s responsibility for going concern Management are required to make an assessment of an entity's ability to continue as a going concern. This responsibility is imposed by o the companies Act; and also; o IAS 1 Presentation of financial statements. This assessment will be affected by significant judgement due to inherently uncertain future outcomes of events or conditions. This judgement is affected by: Uncertainty future events and the further into the future an event/condition/outcome occurs the more uncertain it is o The Size and complexity of the entity o the Nature and condition of the business o The information available at the time the judgement is made with the limitations that this information may have. As a result actual subsequent events may result in inconsistent outcomes o 7.8.2 Auditor’s responsibility for going concern The auditor is responsible for Discussing the assumptions used in management’s going concern assessment Requesting that an assessment be done by management if it has not already been done. Evaluate whether management’s assessment covers the minimum required period of 12 months from the date of assessment. Evaluating management plans in response to any going concern problems identified by them Requesting a written representation that the client is a going concern Assessing the impact of going concern on the opinion To communicate with those charged with governance events or conditions that may cast doubt on the entity's ability to continue as a going concern regarding Whether the events or conditions constitute a material uncertainty Whether the use of the going concern assumption is appropriate in the preparation and presentation of the financial statements The adequacy of related disclosures 165 ASSURANCE 7.8.3 Impact of going concern on the auditor’s report Going concern problems have an impact on the auditor’s report as follows: Scenario 1. Going concern assumption appropriate but material uncertainty which is adequately disclosed Impact Unmodified opinion and explanatory emphasis of matter paragraph 2. Going concern assumption appropriate but material uncertainty which is not adequately disclosed Qualified or adverse opinion (i.e. modified opinion) 3. Use of going concern assumption inappropriate Adverse opinion (i.e. modified opinion) 4. Management unwilling to make or extend its assessment Qualified or disclaimer of opinion (i.e. modified opinion) Examples of going concern opinions 7.8.3.1 appropriate but material uncertainty which is adequately disclosed In this situation, the opinion on the financial statements will be unmodified but the auditor's report will include an emphasis of matter paragraph which is an explanatory paragraph detailing the uncertainty. Emphasis of Matter Without qualifying our opinion, we draw attention to Note X in the financial statements which indicates that the Company incurred a net loss of ZZZ during the year ended December 31, 20X1 and, as of that date, the company's current liabilities exceeded its total assets by YYY. These conditions, along with other matters as set forth in Note X, indicate the existence of a material uncertainty that may cast significant doubt about the Company's ability to continue as a going concern. 7.8.3.2 appropriate but material uncertainty which is not adequately disclosed In this scenario, as inadequate disclosure has been made of the material uncertainty, the auditor's opinion will be modified – either a qualified or adverse opinion will be issued depending on the magnitude of the uncertainty. An extract from the auditor's report where a qualified opinion is issued is provided by the ISA follows: 166 ASSURANCE Basis for Qualified Opinion The Company's financing arrangements expire and amounts outstanding are payable on March 19, 20X1. The Company has been unable to re-negotiate or obtain replacement financing. This situation indicates the existence of a material uncertainty that may cast significant doubt on the Company's ability to continue as a going concern and therefore the Company may be unable to realise its assets and discharge its liabilities in the normal course of business. The financial statements (and notes thereto) do not fully disclose this fact. Qualified Opinion In our opinion, except for the incomplete disclosure of the information referred to in the Basis for Qualified Opinion paragraph, the financial statements present fairly, in all material respects (or 'give a true and fair view of') the financial position of the Company as at December 31, 20X0, and of its financial performance and its cash flows for the year then ended in accordance with … 7.8.3.3 inappropriate When the going concern assumption has been used but this is considered inappropriate by the auditor, an adverse opinion must be issued, regardless of whether or not the financial statements include disclosure of the inappropriateness of management's use of the going concern assumption. Basis for Adverse Opinion [Provide explanation of inappropriate use of going concern assumption] Adverse Opinion In our opinion, because of the omission of the information mentioned in the Basis for Adverse Opinion paragraph, the financial statements do not present fairly (or 'give a true and fair view of') the financial position of the Company as at December 31, 20X0, and of its financial performance and its cash flows for the year then ended in accordance with … 7.8.3.4 Management unwilling to make or extend its assessment In some circumstances, the auditor may ask management to make or extend its assessment. If management does not do this, a qualified opinion or a disclaimer of opinion in the auditor's report may be appropriate, because it may not be possible for the auditor to obtain sufficient appropriate audit evidence regarding the use of the going concern assumption in the preparation of the financial statements. Examples of auditor's reports with a disclaimer of opinion are provided in the reporting Chapter of this manual which looks at modifications to the auditor's opinion in detail. 167 ASSURANCE 7.9 Written representations as assurance evidence Assurance providers receive many representations during the engagement both solicited and unsolicited in response to specific questions. Some of these representations may be critical to obtaining sufficient appropriate evidence. Written representations are written statements by management provided to the auditor to confirm certain matters or to support other audit evidence. They do not include the financial statements, assertions or supporting books and records. In this regard ISA 580: Written Representations deals with the auditor’s responsibility to obtain written representations on general matters with the objective to To obtain written representations stating that management believes that it has fulfilled the fundamental responsibilities that constitute the premise on which an audit is conducted To support other audit evidence relevant to the financial statements if determined by the auditor or required by other ISAs To respond appropriately to written representations or if management does not provide written representations requested by the auditor The types of representations are further explained below Management’s responsibilities Management are required to make certain representations on the following That they have fulfilled their duty of preparation and presentation of the financial statements That they have provided the auditor with all relevant information and that all transactions are recorded and reported 7.10 Other representations responsibilities Apart from acknowledging management representations other representations can be required as follows: Whether the selection and application of accounting policies are appropriate Plans or intentions that may affect the carrying value or classification of assets and liabilities Liabilities, both actual and contingent Title to, or control over, assets, liens or encumbrances on assets and assets pledged as collateral Aspects of laws, regulations and contractual agreements that may affect the financial statements, including non-compliance All deficiencies in internal control that management is aware of have been communicated to the auditor Written representations about specific assertions in the financial statements Significant assumptions used in making accounting estimates are reasonable 168 ASSURANCE All subsequent events requiring adjustment or disclosure have been adjusted or disclosed The effects of uncorrected misstatements are immaterial, both individually and in aggregate Management has disclosed the results of management's assessment of the risk that the financial statements may be materially misstated as a result of fraud Management has disclosed all information in relation to fraud or suspected fraud involving management, employees with significant roles in internal control, and others where fraud could have a material effect on the financial statements Management has disclosed all information in relation to allegations of fraud or suspected fraud communicated by employees, former employees, analysts, regulators or others Management has disclosed all instances of non-compliance or suspected non-compliance with laws or regulations 7.11 Reliability of written representations Written representations assist to retain a record of representations made unlike oral representations that can be retracted. On their own they are not sufficient audit evidence and therefore cannot be the only evidence. They only corroborate or confirm other existing evidence Where representations are inconsistent with other evidence the auditor should assess the impact of this inconsistency on the quality of evidence already obtain and report accordingly if material. Chapter Summary Subsequent events are events occurring between the period-end and the date of the auditor's report and also include facts discovered after the auditor's report has been issued. Auditors shall consider the effect of such events on the financial statements and on their audit opinion. Auditors have a responsibility to review subsequent events before they sign the auditor's report, and may have to take action if they become aware of subsequent events between the date they sign the auditor's report and the date the financial statements are issued. If the entity has inappropriately used the going concern assumption or a material uncertainty exists, this may impact on the auditor's report. The auditor obtains written representations from management concerning its responsibilities and to support other audit evidence where necessary. The auditors must perform and document an overall review of the financial statements by undertaking analytical procedures before they can reach an opinion. End of chapter Questions 1 State the nature of enquiries that can be made when testing subsequent events 169 ASSURANCE 2 3 What are the respective responsibilities over going concern? Is this statement true or false?, “In evaluating whether the financial statements give a true and fair view, auditors shall assess the materiality of uncorrected misstatements” 170 ASSURANCE CHAPTER 8: FINANCIAL STATEMENTS: REPORTING Topic List 1. Introduction; 2. Auditors report on financial statements; 3. Unmodified opinions; 4. Basic elements of auditors report; 5. Modified report; 6. Matters that do not affect auditor opinion; 7. Matters that affect auditor opinion; 8. Developments in audit report; 9. Chapter summary; and 10. End of chapter questions Learning Outcomes By the end of this chapter students will be able to: Discuss the features of the standard unmodified audit report and the various modifications that can be made. Make judgements and draw audit opinions that are consistent with the results of audit procedures. Critically appraise audit opinions, which have been raised by others, against the supporting evidence. Discuss the auditors’ requirements in relation to reporting to those charged with governance and management. 171 ASSURANCE 8.1 Introduction The auditor's report is the means by which the external auditors express their opinion on the truth and fairness of a company's financial statements. It is for the benefit of the shareholders principally, but also for other users as the audit report is usually kept on public record with the filed financial statements. In this section we will discuss the different types of audit report and the need to emphasise certain matters for the benefit of users of financial statements We will also look at how other information may impact the auditor’s report. We will also assess the impact of the new auditors report format which is applicable. 8.2 The auditor's report on financial statements The auditor is required to produce an auditor's report at the end of the audit which sets out his opinion on the truth and fairness of the financial statements. The report contains a number of consistent elements so that users know the audit has been conducted according to recognised standards. ISA 700 Forming an opinion and reporting on financial statements establishes standards and provides guidance on the form and content of the auditor's report issued as a result of an audit performed by an independent auditor on the financial statements of an entity. It states that the auditor shall form an opinion on whether the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework. In order to provide an opinion the auditor needs to consider the following: Whether sufficient appropriate audit evidence has been obtained (ISA 330) Whether uncorrected misstatements are material (ISA 450) Qualitative aspects of the entity's accounting practices, including indicators of possible bias in management's judgements Whether the financial statements adequately disclose the significant accounting policies selected and applied Whether the accounting policies selected and applied are consistent with the applicable financial reporting framework and are appropriate Whether accounting estimates made by management are reasonable Whether the information in the financial statements is relevant, reliable, comparable and understandable Whether the financial statements provide adequate disclosures to allow users to understand the effect of material transactions and events on the information presented in the financial statements Whether the terminology used in the financial statements is appropriate The overall presentation, structure and content of the financial statements Whether the financial statements represent the underlying transactions and events so as to achieve fair presentation 172 ASSURANCE Whether the financial statements adequately refer to or describe the applicable financial reporting framework 8.3 Unmodified opinions When the auditor obtains sufficient appropriate audit evidence he is supposed to issue an unmodified opinion. “An unmodified opinion is the opinion expressed by the auditor when the auditor concludes that the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework.” If the auditor determines that the financial statements as a whole are not free from material misstatement or cannot obtain sufficient appropriate audit evidence to make this conclusion, the auditor must modify the opinion in accordance with ISA 705 Modifications to the opinion in the independent auditor's report. 8.4 Basic elements of the auditor's report The auditor’s report has as standardised format which is aimed to achieve the following: Promote credibility in the global marketplace Promote the reader's understanding of the report Identify unusual circumstances when they occur. The following are the elements of the report Section Title Content The auditor's report must have a title that clearly indicates that it is the report of the independent auditor. This signifies that the auditor has met all the ethical requirements concerning independence and therefore distinguishes the auditor's report from other reports. The addressee will be determined by law or regulation, but is likely to Addressee be the shareholders or those charged with governance. This shall identify the entity being audited, state that the financial Introductory statements have been audited, identify the title of each statement that paragraph comprises the financial statements being audited, refer to the summary of significant accounting policies and other explanatory notes, and specify the date or period covered by each statement comprising the financial statements. This part of the report describes the responsibilities of those who are Management's responsibility for responsible for the preparation of the financial statements. The report the financial shall include a section headed 'Management's responsibility for the financial statements' and describe management's responsibility statements including the following: Management is responsible for the preparation of the financial statements in accordance with the applicable financial reporting framework. Management is responsible for such internal control necessary to 173 ASSURANCE enable the preparation of financial statements that are free from material misstatement, whether due to error or fraud. Reference shall be made to 'the preparation and fair presentation of these financial statements' (or 'the preparation of financial statements that give a true and fair view') where the financial statements are prepared in accordance with a fair presentation framework. Auditor's responsibility The report shall include a section entitled 'Auditor's responsibility'. The report must state that the auditor is responsible for expressing an opinion on the financial statements based on the audit. This section must also state that the audit was conducted in accordance with International Standards on Auditing and ethical requirements and that the auditor planned and performed the audit so as to obtain reasonable assurance that the financial statements are free from material misstatement. The report must describe an audit by stating that: An audit involves performing procedures to obtain audit evidence about the amounts and disclosures in the financial statements. The procedures chosen depend on the auditor's judgement of risks of material misstatements, and the auditor considers internal control relevant to the preparation of the financial statements in order to design appropriate audit procedures (but not to express an opinion on the effectiveness of internal control). An audit includes evaluation of the appropriateness of the accounting policies used, the reasonableness of accounting estimates made by management and the overall presentation of the financial statements. This part of the report shall also state whether the auditor believes that the audit evidence obtained is sufficient and appropriate to provide a basis for the opinion. Opinion paragraph If the auditor expresses an unmodified opinion on financial statements prepared in accordance with a fair presentation framework, the opinion shall use one of the following equivalent phrases: The financial statements present fairly, in all material respects,…in accordance with [the applicable financial reporting framework]; or The financial statements give a true and fair view of … in accordance with [the applicable financial reporting framework]. Other reporting If the auditor is required by law to report on any other matters, this must be done in an additional paragraph below the opinion paragraph responsibilities which is titled 'Report on other legal and regulatory requirements' or otherwise as appropriate. Auditor's signature The report must contain the auditor's signature, whether this is the auditor's own name or the audit firm's name or both. The report must be dated no earlier than the date on which the auditor Date of the report has obtained sufficient appropriate audit evidence on which to base the 174 ASSURANCE Auditor's address auditor's opinion on the financial statements. The location where the auditor practises must be included. 8.5 Modified auditor’s reports As discussed earlier, if the auditor determines that the financial statements as a whole are not free from material misstatement or cannot obtain sufficient appropriate audit evidence to make this conclusion, the auditor must modify the opinion in accordance with ISA 705 Modifications to the opinion in the independent auditor's report. An auditor’s report is considered to be modified by two broach categories of matters being Matters that do not affect the auditor’s opinion and matters that affect the auditor’s opinion The types of modifications are summarised as follows Category Matters that do not affect the auditor’s opinion Matters that do not affect the auditor’s opinion Type of Modification Emphasis of matter. Qualified opinion, Disclaimer of opinion, or Adverse opinion 8.6 Matters That Do Not Affect the Auditor’s Opinion In certain circumstances, an auditor’s report may be modified by adding an emphasis of matter paragraph to highlight a matter affecting the financial statements which is included in a note to the financial statements that more extensively discusses the matter. The addition of such an emphasis of matter paragraph does not affect the auditor’s opinion. The paragraph would preferably be included after the opinion paragraph and would ordinarily refer to the fact that the auditor’s opinion is not qualified in this respect - ISA 700.30 There are three instances where an emphasis of matter modified report can be issued, these are: 1. When there is a going concern problem. 2. When there is a significant uncertainly about an issue that is material to the Financial Statements, e.g. outcomes of a pending lawsuit. 3. When there are material inconsistencies between other information included in an annual report containing audited Financial Statements, and the evidence collected by the auditor of the issues included in the Financial Statements. However, in extreme cases, such as situations involving multiple uncertainties that are significant to the financial statements, the auditor may consider it appropriate to express a disclaimer of opinion instead of adding an emphasis of matter paragraph. 175 ASSURANCE The auditor should modify the auditor’s report by adding a paragraph to highlight a material matter regarding a going concern problem - ISA 700.31 The auditor should consider modifying the auditor’s report by adding a paragraph if there is a significant uncertainty (other than a going concern problem), the resolution of which is dependent upon future events and which may affect the financial statements. An uncertainty is a matter whose outcome depends on future actions or events not under the direct control of the entity but that may affect the financial statements - ISA700.32 Illustrations of an emphasis of matter modification paragraph are given by ISA 700.33 as follows: On significant uncertainty in an auditor’s report Without qualifying our opinion we draw attention to Note X to the financial statements. The Company is the defendant in a lawsuit alleging infringement of certain patent rights and claiming royalties and punitive damages. The Company has filed a counter action, and preliminary hearings and discovery proceedings on both actions are in progress. The ultimate outcome of the matter cannot presently be determined, and no provision for any liability that may result has been made in the financial statements.” On a going concern problem Without qualifying our opinion we draw attention to Note X to the financial statements which indicates that the Company incurred a net loss of XXX during the year ended 31December 2006, and as of that date, the Company’s current liabilities exceeded its current assets by XXX and its total liabilities exceeded its total assets by XXX. These conditions, along with other matters as set forth in note X, indicate the existence of a material uncertainty which may cast significant doubt about the company’s ability to continue as a going concern 8.7 Matters That Do Affect the Auditor’s Opinion 8.7.1 Qualified opinions A qualified opinion must be expressed in the auditor's report in the following two situations: The auditor concludes that misstatements are material, but not pervasive, to the financial statements. (misstatement or disagreement) The auditor cannot obtain sufficient appropriate audit evidence on which to base the opinion but concludes that the possible effects of undetected misstatements, if any, could be material but not pervasive. (insufficient evidence) 8.7.1.1 The concept of pervasiveness 176 ASSURANCE Pervasiveness is a term used to describe the effects, or possible effects, on the financial statements of misstatements or undetected misstatements (due to an inability to obtain sufficient appropriate audit evidence). There are three types of pervasive effect: 1) Those that are not confined to specific elements, (e.g., transactions, balances or disclosures) in the financial statements 2) Matters as in 1 above and represent or could represent a substantial portion of the financial statements 3) Those that relate to disclosures which are fundamental to users' understanding of the financial statements. 8.7.2 Disclaimer of opinions An opinion must be disclaimed when the auditor cannot obtain sufficient appropriate audit evidence on which to base the opinion and concludes that the possible effects on the financial statements of undetected misstatements, if any, could be both material and pervasive. The opinion must also be disclaimed in situations involving multiple uncertainties when the auditor concludes that, despite having obtained sufficient appropriate audit evidence for the individual uncertainties, it is not possible to form an opinion on the financial statements due to the potential interaction of the uncertainties and their possible cumulative effect on the financial statements. These opinions are summarised in the table below Category of matter Misstatement disagreement Description or Type of opinion There is a misstatement, insufficient Qualified, or evidence or disagreement with Adverse management regarding o the acceptability of the accounting policies selected, o the method of their application, or o the adequacy of financial statement disclosures these opinions are given when the auditor has evidence of the misstatement and quantification of the error and states the impact of the error in his opinion The auditor modifies/ qualifies the opinion as except for if the error is not pervasive and adverse” if pervasive) Insufficient evidence Circumstances beyond the entity's Qualified or or limitation of scope control (e.g. accounting records disclaimer of audit procedures destroyed) Circumstances relating to the nature or timing of the auditor's work (e.g. the timing of the auditor's 177 ASSURANCE appointment prevents the observation of the physical inventory count) Limitations imposed by management (e.g. management prevents the auditor from requesting external confirmation of specific account balances) These opinions are given when the auditor has no evidence and cannot quantify the error and states the impact of the error in his opinion. He modifies/ qualifies the opinion as except for if the limitation is not pervasive and “disclaimer” if pervasive. Note that an adverse opinion is not given because the auditor is unable to state what the ideal situation out to be due to lack of evidence. 8.7.3 Detailed guidance on the above matters is presented below General Guidance from ISA 700.37 A qualified opinion should be expressed when the auditor concludes that an unqualified opinion cannot be expressed but that the effect of any disagreement with management, or limitation on scope is not so material and pervasive as to require an adverse opinion or a disclaimer of opinion. A qualified opinion should be expressed as being ‘except for’ the effects of the matter to which the qualification relates - ISA 700.37 A disclaimer of opinion should be expressed when the possible effect of a limitation on scope is so material and pervasive that the auditor has not been able to obtain sufficient appropriate audit evidence and accordingly is unable to express an opinion on the financial statements - ISA 700.38 An adverse opinion should be expressed when the effect of a disagreement is so material and pervasive to the financial statements that the auditor concludes that a qualification of the report is not adequate to disclose the misleading or incomplete nature of the financial statements - ISA 700.39 Whenever the auditor expresses an opinion that is other than unqualified, a clear description of all the substantive reasons should be included in the report and, unless impracticable, a quantification of the possible effect(s) on the Financial Statements. Ordinarily, this information would be set out in a separate paragraph preceding the opinion or disclaimer of opinion and may include a reference to a more extensive discussion, if any, in a note to the financial statements - ISA 700.40 8.7.4 Guidance from ISA 700.37 on various circumstances 8.7.4.1 Limitation of Scope - two fold A limitation on the scope of the auditor’s work may sometimes be imposed by the entity (for example, when the terms of the engagement specify that the auditor will not carry out an 178 ASSURANCE audit procedure that the auditor believes is necessary). However, when the limitation in the terms of a proposed engagement is such that the auditor believes the need to express a disclaimer of opinion exists; the auditor would ordinarily not accept such a limited engagement as an audit engagement, unless required by statute. Also, a statutory auditor would not accept such an audit engagement when the limitation infringes on the auditor’s statutory duties - ISA 700.41 A scope limitation may be imposed by circumstances (for example, when the timing of the auditor’s appointment is such that the auditor is unable to observe the counting of physical inventories). It may also arise when, in the opinion of the auditor, the entity’s accounting records are inadequate or when the auditor is unable to carry out an audit procedures believed to be desirable. In these circumstances, the auditor would attempt to carry out reasonable alternative procedures to obtain sufficient appropriate audit evidence to support an unqualified opinion - ISA 700.42 When there is a limitation on the scope of the auditor’s work that requires expression of a qualified opinion or a disclaimer of opinion, the auditor’s report should describe the limitation and indicate the possible adjustments to the financial statements that might have been determined to be necessary had the limitation not existed - ISA 700.43 Illustrations of these matters are set out below: Limitation on Scope - Qualified Opinion “We have audited ... [as for the standard unqualified report]. Management’s responsibility for the Financial Statements and auditors responsibility (paragraphs 2 to 4) ... [same as for the standard unqualified report]. Basis for Qualified Opinion We did not observe the counting of the physical inventories as of December 31, 20X1, since that date was prior to the time we were initially engaged as auditors for the Company. Owing to the nature of the Company’s records, we were unable to satisfy ourselves as to inventory quantities by other audit procedures. Qualified Opinion In our opinion, except for the effects of such adjustments, if any, as might have been determined to be necessary had we been able to satisfy ourselves as to physical inventory quantities, the financial statements give a true and ...[as for the standard unqualified report]. 179 ASSURANCE Limitation on Scope - Disclaimer of Opinion We were engaged to audit the accompanying financial statements of ABC Company, which comprise the balance sheet as at [31 December 200X], and the income statement, statement of changes in equity and cash flow statement for the year then ended, and a summary of significant accounting policies and other explanatory notes. (Note the change in the wording – we were engaged to… and not we have audited… ) Management’s responsibility for the Financial Statements (paragraphs 2) ... [same as for the standard unqualified report]. [The paragraph discussing the auditor’s responsibility and scope of the audit would either be omitted or amended according to the circumstances - the paragraph is amended to indicate that the auditor have not obtained sufficient appropriate evidence to provide a basis for an audit opinion. The paragraph also omits the description of the elements of the audit work that are described in the unmodified report.] [Add a paragraph discussing the scope limitation as follows:] Basis for Disclaimer of Opinion The Company’s accounting records do not provide sufficient evidence supporting cash transactions and inventory purchases. There were no satisfactory audit procedures that we could have performed to obtain reasonable assurance that the cash transactions and inventory purchases were properly recorded. As a result, we were unable to determine whether any adjustments would be required in respect of recorded or unrecorded sales, recorded or unrecorded cash transactions and inventory purchases, and the related elements making up the statements of income, changes in equity and cash flows. Disclaimer of Opinion Because of the significance of the matter described in the Basis for Disclaimer of Opinion paragraph, we have not been able to obtain sufficient appropriate audit evidence to provide a basis for an audit opinion. Accordingly, we do not express an opinion on the financial statements. 8.7.5 Disagreement with management Illustrations of the matters are set out below: Inappropriate Accounting Method - Qualified Opinion Paragraphs one to four ... [as for the standard unqualified report]. 180 ASSURANCE Basis for Qualified Opinion As discussed in Note X to the financial statements, no depreciation has been provided in the financial statements which practice, in our opinion, is not in accordance with International Accounting Standards. The provision for the year ended December 31, 20X1, should be xxx based on the straight-line method of depreciation using annual rates of 5% for the building and 20% for the equipment. Accordingly, the fixed assets should be reduced by accumulated depreciation of xxx and the loss for the year and accumulated deficit should be increased by xxx and xxx, respectively. Qualified Opinion In our opinion, except for the effect on the financial statements of the matter referred to in the Basis for Qualified Opinion paragraph, the financial statements give a true and ... [as for the standard unqualified report]. Inadequate Disclosure - Qualified Opinion Paragraphs one to four ... [same as for the standard unqualified report]. Basis for Qualified Opinion The Company is controlled by [name of the controlling party (parties)]. Contrary to the requirements of [IAS 24 ‘Related Party Disclosures’], management has not disclosed this information and related disclosure of transactions and balances with this party (these parties) in the accompanying financial statements. In our opinion, disclosure of information on related parties is necessary for a proper understanding of the financial position and operations of the Company. Qualified Opinion In our opinion, except for the effect on the financial statements of the matter referred to in the Basis for Qualified Opinion paragraph, the financial statements give a true and ... [as for the standard unqualified report]. 181 ASSURANCE Non application of a specific standard - Qualified Opinion Paragraphs one to four ... [same as for the standard unqualified report]. Basis for Adverse Opinion The financial statements have been prepared without regard to the requirements of [IAS 39 ‘Financial Instruments: Recognition and Measurement’]. Because of the complexity of this standard and its pervasive effect on the presentation of the financial position and results, it has not been possible to estimate the financial effects of this non-compliance. Adverse Opinion In our opinion, because of the significance of the matter discussed in the Basis for Adverse Opinion paragraph, the financial statements do not give a true and fair view of (or “present fairly, in all material respects”) the financial position of ABC Company as of [December 31, 200X], and of its financial performance and its cash flows for the year then ended in accordance with [International Financial Reporting Standards] [or other identified national financial reporting framework] [and with the requirements of [Country X Corporation Act or other applicable national law]]. 8.8 Developments in Auditor reporting The International Auditing and Assurance Standards Board (IAASB) released a new audit report standard called ‘700 (Revised) Forming an Opinion and Reporting on Financial Statements’. The standard is effective for audits of financial statements for periods ending on or after December 15, 2016, however early discussion is relevant because the new reports are expected stimulate enhanced conversations among auditors, companies, audit committees, shareholders and regulators. In this discussion we will cover the following: 1. 2. 3. 4. Reasons for the change New elements in the audit report Key Audit Matters Going Concern 8.8.1 Reasons for the change Relevance The new report is intended to make audit reporting more relevant to the accounting profession. It is therefore hoped that the more informative reports and dialogue within them will demonstrate more visibly the value and relevance of audit to all stakeholders. Insight The new report intends to move to reports that are more informative, discursive and insightful. This will result from the discussion of areas of key audit focus in the audit. The 182 ASSURANCE new report by requires auditors to describe what the significant issues were, why they were significant, and how they addressed them. Transparency The new report is expected to increase transparency because the auditors makes a clear statement regarding his independence and also requires the indication of the practitioners name in addition to the name of the firm he belongs to. Readability The new report is intended to be easier to read and puts important information at the beginning of the report and subsequent information in a relevant order. Therefore it begins with the opinion and places additional information such as description of an audit and the auditor’s responsibilities at the end of the report. 8.8.2 New Elements in the audit report The Audit report has changes that affect listed specifically and also all entities collectively. Changes for listed companies include Requirement to include key audit matters Requirement to disclose the name of the engagement partner or signing practitioner. Changes for all companies All other companies have an option to adopt the requirements for listed companies if they so wish. The opinion section is placed at the beginning of the audit report Clear and affirmative statement that the auditor is independent and that he has complied with ethical requirements. Improved description about the auditor’s responsibilities and what is involved in an audit. Enhanced reporting on going concern. 8.8.3 Key Audit Matters. Key audit matters require the discussion of areas of key audit focus in the audit by describing what the significant issues were, why they were significant, and how they addressed them. The reporting requirements are that KAM’s must be reported if If an entity is listed or if a law or industry, or professional regulation requires it For all other entities KAMs may be reported at the discretion of the auditor or on request by management or those charged with governance. 183 ASSURANCE KAM’s therefore provide intended users of the financial statements with additional information about those matters that were of most significant during the audit from the perspective of the auditor’s professional judgement. 8.8.4 Going Concern Going concern has recently become more important in view of recent global economic crises. The responsibility for reporting going concern belongs to management and those charged with governance. However the auditor is required to assess the adequacy of these disclosures. The new standard therefore requires clear disclosure of these respective responsibilities of both management and the auditor over going concern. The standard gives further guidance on how to report when management’s disclosures are not adequate or if there is a material uncertainty regarding going concern. The guidance is substantially similar to current guidance on going concern under the current audit reporting standard. Chapter Summary The auditor is required to produce an auditor's report at the end of the audit which sets out his opinion on the truth and fairness of the financial statements. The audit report has a specific required format which helps users to know that the audit has been conducted according to recognised auditing standards and that financial statements are prepared in accordance with a relevant accounting framework. There are three types of modified opinions: a qualified opinion, an adverse opinion and a disclaimer of opinion. Where necessary emphasis of matter paragraphs and other matter paragraphs can be included in the auditor's report. Their use does not modify the auditor's opinion on the financial statements. Auditors shall review the other information in documents containing audited financial statements for material inconsistencies and misstatements of fact. Reports to management can be sent by external auditors after both the interim and final audits. They set out deficiencies in internal control, the implications of those deficiencies on the business and suggested recommendations to mitigate them. End of Chapter Questions During the course of your audit of the non-current assets of Eastern Engineering Inc. at 31 March 20X4, two problems have arisen. (a) The calculations of the cost of direct labour incurred on assets in the course of construction by the company's employees have been accidentally destroyed for the early part of the year. The direct labour cost involved is K10, 000. (b) The company incurred development expenditure of K25, 000 spent on a viable new product which will go into production next year and which is expected to last for ten years. These costs have been expensed in full to the statement of profit or loss. 184 ASSURANCE (c) Other relevant financial information is as follows. Profit before tax Non-current asset additions (excluding constructed assets) 133,000 Assets constructed by company Non-current asset at net book value 100,000 34,000 666,667 Required (a) List the general forms of modification available to auditors in drafting their report and state the circumstances in which each is appropriate. (b) State whether you feel that a modified audit opinion would be necessary for each of the two circumstances outlined above, giving reasons in each case. (c) On the assumption that you decide that a modified audit opinion is necessary with respect to the treatment of the development expenditure, draft the section of the report describing the matter (the whole report is not required). 185 ASSURANCE CHAPTER 9: PROSPECTIVE FINANCIAL INFORMATION Topic List 1. Introduction; 2. Definitions; 3. Accepting a PFI engagement; 4. Auditors procedures; 5. Expressing an opinion; 6. Chapter summary; and 7. End of chapter questions. Learning Outcomes By the end of this chapter students should be able to: Define prospective financial information (PFI); Describe the matters to be considered before accepting an engagement to report on PFI; Describe the auditor’s procedures in the examination of PFI; and Discuss the level of assurance which the auditor may provide on PFI and explain the qualifying factors. 186 ASSURANCE 9.1 Introduction 9.2 Definitions Prospective financial information (PFI) means financial information based on assumptions about events that may occur in the future and possible actions by an entity. It is highly subjective in nature and its preparation requires the exercise of considerable judgment. PFI can be in the form of a forecast, a projection or a combination of both, for example, a one year forecast plus a five year projection Relevant Guidance on PFI engagements is provided by – International Standard on Assurance Engagements 3400 which gives guidance on the key considerations for such engagements. A forecast means prospective financial information is prepared on the basis of assumptions as to future events which management expects to take place and the actions management expects to take as of the date the information is prepared (best-estimate assumptions) – A projection means prospective financial information prepared on the basis of: Hypothetical assumptions about future events and management actions which are not necessarily expected to take place, e.g. when some entities are in a start-up phase or are considering a major change in the nature of operations; or A mixture of best-estimate and hypothetical assumptions. PFI can include financial statements or one or more elements of financial statements and may be prepared: As an internal management tool, for example, to assist in evaluating a possible capital investment; or For distribution to third parties, for example: A prospectus to provide potential investors with information about future expectations. An annual report to provide information to shareholders, regulatory bodies and other interested parties. A document for the information of lenders which may include, for example, cash flow forecasts. 9.2 ACCEPTING AN ENGAGEMENT Before accepting an engagement to examine PFI, the auditor would consider, amongst other things: The intended use of the information; Whether the information will be for general or limited distribution; 187 ASSURANCE The nature of the assumptions, that is, whether they are best-estimate or hypothetical assumptions; The elements to be included in the information; and The period covered by the information The auditor should not accept, or should withdraw from, an engagement when the assumptions are clearly unrealistic or when the auditor believes that the PFI will be inappropriate for its intended use The auditor and the client should agree on the terms of the engagement. It is in the interests of both entity and auditor that the auditor sends an engagement letter to help in avoiding misunderstandings regarding the engagement. An engagement letter would address the matters in paragraph considered when accepting the engagement and set out management’s responsibilities for the assumptions and for providing the auditor with all relevant information and source data used in developing the assumptions The auditor should obtain a sufficient level of knowledge of the business to be able to evaluate whether all significant assumptions required for the preparation of the prospective financial information have been identified. The auditor would also need to become familiar with the entity’s process for preparing prospective financial information, for example, by considering the following: The internal controls over the system used to prepare PFI and the expertise and experience of the preparers of PFI. The nature of the documentation prepared by the entity supporting management’s assumptions. The extent to which statistical, mathematical and computer-assisted techniques are used. The methods used to develop and apply assumptions. o The accuracy of PFI prepared in prior periods and the reasons for significant variances. 9.3 PRACTITIONERS PROCEDURES The general matters to be considered in the evaluation of PFI are as follows: 1. Obtain knowledge on the nature and background of the company’s business – review the company’s character and recent history (nature of activities, products, markets, customers, suppliers, locations etc.) 2. Obtain knowledge of accounting policies applied by the company and ensure that they have been consistently applied in the preparation of PFI. 188 ASSURANCE 3. Review the appropriateness of the procedures followed by the company in the preparation of PFI and perform audit tests on the PFI. Attention should be directed to the accounting bases used, the accuracy of calculations of forecasts by considering the following matters: Whether the forecast under review is based on forecasts regularly prepared for management use or whether it has been separately prepared for immediate purpose. Consider the degree of accuracy and reliability of such forecasts if these are usually prepared, and also the level of reliance placed upon them and the frequency with which estimates are revised. Obtain managements representation on their view as to the reasonableness of forecasts and the level of achievement that can be obtained The details of the procedures used to generate the forecasts and the extent of the level of detail that is obtained to support the items that are summarised in the PFI. Obtain management view as to the level of profits that are derived from activities that display a well-defined trend and from those that are more irregular. Evaluate the PFI to ensure that they take into account material effects of some extraordinary items and events. Verify how the PFI are geared for risk and whether adequate provision is made for foreseeable losses and contingencies. Consider whether working capital appears adequate for the requirements under the PFI. Check the mathematical accuracy of the forecasts and verify material items to documentation that support the assumptions made on them. 9.4 General guidance given by International Standard on Assurance Engagements (ISAE) 3400 is as follows: When determining the nature, timing and extent of examination procedures, the Practitioner’s considerations should include: The likelihood of material misstatement; The knowledge obtained during any previous engagements; Management’s competence regarding the preparation of prospective financial information; The extent to which the prospective financial information is affected by the management’s judgment; and The adequacy and reliability of the underlying data The Practitioner would assess the source and reliability of the evidence supporting management’s best-estimate assumptions. Sufficient appropriate evidence supporting such assumptions would be obtained from internal and external sources including consideration of 189 ASSURANCE the assumptions in the light of historical information and an evaluation of whether they are based on plans that are within the entity’s capacity The Practitioner would focus on the extent to which those areas that are particularly sensitive to variation will have a material effect on the results shown in the prospective financial information. This will influence the extent to which the Practitioner will seek appropriate evidence. It will also influence the Practitioner’s evaluation of the appropriateness and adequacy of disclosure. Some additional procedures are applied in testing some specific types of PFI, these are explained below: 9.4.1 Profit and cash forecasts Verify the validity of projected income to suitable evidence, e.g. current market prices for the products or service. Verify projected expenditure figures to appropriate evidence, the Practitioner would seek to review the following: 1. Quotations or estimates provided by suppliers. 2. Current bills for similar services or products used by the company. 3. Market rate prices and rates for the products or services to be used. 4. Interest rate assumptions verified to bank rates. 5. Other costs to correspond with related items in the PFI, e.g. depreciation to relate to capital expenditure. Review the forecasts to ensure that the timing of inflows and outflows included is reasonable. 9.4.2 Capital expenditure Verify the reasonableness of capital expenditure included in the PFI by referring to prevailing market prices of capital items. Examine whether commitments placed to date agree with forecast figures, are there any current authorisations 9.4.3 Revenue Consider historic trend, current orders – through order book and whether it supports midterm sales forecasts Consider results of market and market analysis or conducting one, i.e. can market support revenue increases 190 ASSURANCE 9.5 Expressing an Opinion Prospective financial information relates to events and actions that have not yet occurred and may not occur. While evidence may be available to support the assumptions on which the prospective financial information is based, such evidence is itself generally future oriented and, therefore, speculative in nature, as distinct from the evidence ordinarily available in the audit of historical financial information. The Practitioner is, therefore, not in a position to express an opinion as to whether the results shown in the prospective financial information will be achieved. Further, given the types of evidence available in assessing the assumptions on which the prospective financial information is based, it may be difficult for the Practitioner to obtain a level of satisfaction sufficient to provide a positive expression of opinion that the assumptions are free of material misstatement. Consequently, in this ISAE, when reporting on the reasonableness of management’s assumptions the Practitioner provides only a moderate level of assurance. However, when in the Practitioner’s judgment an appropriate level of satisfaction has been obtained, the Practitioner is not precluded from expressing positive assurance regarding the assumptions. ISAE 3400 suggests that the Practitioner may express an opinion including: A statement of negative assurance – assurance about something in the absence of any evidence to the contrary. An opinion as to whether the PFI is properly prepared on the basis of the assumptions and relevant Financial Statement framework. Appropriate caveats as to the achievability of the forecasts. When the Practitioner believes that the presentation and disclosure of the prospective financial information is not adequate, the Practitioner should express a qualified or adverse opinion in the report on the prospective financial information, or withdraw from the engagement as appropriate. An example would be where financial information fails to disclose adequately the consequences of any assumptions which are highly sensitive. When the Practitioner believes that one or more significant assumptions do not provide a reasonable basis for the prospective financial information prepared on the basis of bestestimate assumptions or that one or more significant assumptions do not provide a reasonable basis for the prospective financial information given the hypothetical assumptions, the Practitioner should either express an adverse opinion in the report on the prospective financial information, or withdraw from the engagement. The report by a Practitioner on an examination of prospective financial information should contain the following: Title, addressee and the identification of the prospective financial information. 191 ASSURANCE A reference to the ISAE or relevant national standards or practices applicable to the examination of PFI. A statement that management is responsible for the PFI including the assumptions on which it is based. When applicable, a reference to the purpose and/or restricted distribution of the prospective financial information. A statement of negative assurance as to whether the assumptions provide a reasonable basis for the PFI. An opinion as to whether the prospective financial information is properly prepared on the basis of the assumptions and is presented in accordance with the relevant financial reporting framework. Appropriate caveats concerning the achievability of the results indicated by the prospective financial information. Date of the report which should be the date procedures have been completed, Practitioner’s address; and signature. Chapter Summary PFI has relevance guidance which covers the various stages of a PFI assignment. The key issues in accepting a PFI engagement include the intended use of the information, the level of distribution of information, the nature of assumptions used and information being examined and reported. The procedures that must be performed on prospective financial information relate to profit and cash forecasts, capital expenditure and revenue. The key issues that must be reported on PFI are: negative assurance is provided on preparation methods and assumptions used. Appropriate coveats are included on achievability of forecasts. End of chapter Questions 1. What is prospective financial information? 2. What standard provides guidance regarding PFI engagements What should the practitioner consider when being appointed? 192 ASSURANCE CHAPTER 10: RISK MANAGEMENT Topic List 1. 2. 3. 4. 5. 6. 7. Introduction; Definition of risk; Business risks categories; Concept of risk management; Assurance on risk management; Chapter summary; and End of chapter questions. Learning Outcomes By the end of this chapter students should be able to: Describe the risk management framework; Explain the importance of risk management in the achievement of corporate goals; and Describe the process that would enable a professional accountant provide assurance on effectiveness of risk management. 193 ASSURANCE 10.1 Introduction Risks as per their nature prevent organisations from achieving their objectives. It therefore, follows that proper management of risks would maximise chances of achieving corporate goals. To enhance credibility to the risk management process stakeholders in the operations of any entity may seek an independent review of the process. Such stakeholders will be comforted with an independent opinion on how adequate the risk management process is hence the need for explicit assurance in this area. This chapter will explain the risk management concept and how assurance may be provided to enhance credibility of the process. 10.2Definition of risk Risks may broadly be defined as events or factors that would prevent an objective from being achieved. It therefore, follows that business risks are events or factors that threaten the survival of a business. For example, if lack of foreign currency such as a dollar would affect importation of raw materials, then non-availability of dollars is a risk to a manufacturing business. The manufacturing business exists to maximise shareholders value through production and sale of products produced from raw materials. Failure to produce products due to scarcity of foreign currency in this case will result in non-achievement of business objectives. 10.3Business risk categories Business risks may affect the organisation at strategic or operational level. Strategic risks are risks that relate to the fundamental decisions that are taken about the future of the organisation while operational risks relate to matters that can affect day to day business. The categorisation of risks into strategic and operational is therefore, in relation to risk level. Risks may also be categorised according to the class under which the event belong. Such different classes of risks may fall under strategic or operational risk, depending on how it affects the business. If the class of risk affects strategic goals then it is said to be strategic risk while if it only affects the day to day operations, it may be referred to as operational risk. Strategic risks The most significant risks are those that affect corporate strategy including resources concentration, mergers and acquisitions and exit strategies. These may impact on products, prices, costs and sources of finance. Factors that may give rise to strategic risks include: State of economy Actions of competitors and the possibility of mergers and acquisitions Stage in a product’s life cycle, higher risks in the introductory and decline stages Dependence upon inputs with fluctuating prices for example oil Significance of technology to the business Flexibility of production processes to adapt to different specifications or products 194 ASSURANCE Operational risks Operational risk is an event or factor that may negatively affect corporate objectives due to failure of internal business and control processes. Such risks may include: Human error Fraud Loss of key personnel Non - compliance with internal procedures Information technology failure Classes of risks Risks can be classified in different ways and some of the categories include: a) Compliance risks: Are risks of legal sanctions, material financial loss, or loss to reputation an entity may suffer as a result of its failure to comply with statutory regulations and/or standards of best practice. The risks may be in relation to products or governance matters. Typical examples include: Minimum technical standards that the goods must meet, e.g noise levels, contents and packaging size. Restrictions on promotional messages. Pricing regulations. Board composition. The law may stipulate a minimum number of non-executive directors. Fit and proper regulations: the law may state minimum qualifications for managers and directors. b) Financial risks: Risks associated with financing, including financial transactions that include company loans in risk of default. It is a term often used to imply risk associated with uncertainty of a return and the potential for financial loss. It is an umbrella term that include a number of specific risks like: Funding risks: Long-term sources of finance being unavailable or ceasing to be available. Liquidity risks: The risk of loss due to mismatch between cash inflows and outflows Cash flow risks: Relate to volatility of entity’s day to day operating cash flows. Gearing risks: Risks of financial difficulty through taking on excessive commitments connected with debt. Credit risk: The risk arising from failure of company debtors to meet their obligations on time. c) Technological risks: The risk that the company or stakeholders may suffer service disruptions or incur losses arising from system defects such as failures, faults, or incompleteness in computer operations, or illegal or unauthorized use of computers. Specific risks may include physical damage risks, systems integrity risks, fraud risk and denial of service attack. d) Market risks: Are risks that the value of an investment will decrease due to movement in market factors such as inflation and foreign exchange rates. e) Environmental risks: Risks of loss to the business arising out of the environmental effects of its operations. Some industries such as agriculture, chemical engineering and 195 ASSURANCE transportation have the greatest direct impact on the environment and so face the most significant risks. f) Currency risk: The possibility of loss or gain due to future changes in exchange rates. There are three types of currency risks: Transaction risk: arising from exchange rate movements between the time of entering into an international trading transaction and the time of cash settlement. Translation risk: the changes in balance sheet values of foreign assets and liabilities arising from retranslation at different prevailing exchange rates at the end of each year. Economic risk: the effect of exchange rate movements on the international competitiveness of the organisation, e.g in terms of relative prices of imports/exports, the cost of foreign labour e.tc g) Interest rate risks: Risks arising from movement in interest rates of financial products. h) Fraud risk: Risk of loss through the fraudulent activities of employees or other stakeholders. i) Reputation risk: Loss of reputation caused by adverse consequences. For example, bad publicity. 10.4Concept of risk management Risk management is a systematic process of understanding, evaluating and addressing risks to maximise the chances of objectives being achieved. Organisations manages risks in different ways, however a systematic approach has proved to be efficient and effective. A systematic approach entails establishing structures which would enable the entity to identify the risks it is facing and be able to define an approach relevant to the treatment of such risks. 10.5Risk management models The need for a systematic approach to risk management has brought about different models of managing risks. However, the most common model globally has been COSO model on Enterprise Risk Management. Another well-known model on risk management is ISO 31000. The models provide guidance on how risks can be managed and are tools for effective risk management. Throughout this chapter reference will be made to the COSO framework on Enterprise Risk Management. 10.6 Risk management framework While models on risk management have provided direction on the process of managing risk not much has been mentioned of the framework in which such risks can effectively be managed. However, most corporate governance codes and reports do provide guidelines about effective structures that may assist in implementing a risk management process. A few codes that may be mentioned include Cadbury code, King report and Malawi code. These codes recommend establishment of defined structures within which risk management can be implemented. Recommended structures include: Development of risk management policy 196 ASSURANCE Formulation of a board committee responsible for risk management Establishment of risk management function Constituting a risk management working group Risk management policy The policy: Outlines the approach to risk management Defines responsibilities of various stakeholders in risk management It is recommended that the policy should be approved by the board in order to receive full support from those assigned to implement its provisions. Board committee Organisations are encouraged to have a dedicated committee responsible for risk management matters. However, most organisations prefer to use audit committee of the board for any issues relating to risk management. The roles of such a committee may include: Review the risk management policy and strategy Review how risk management strategy is communicated throughout the company to ensure it is embedded as part of the company’s corporate culture Review reports from management, internal auditors, external auditors, regulators and consultants as appropriate, regarding risks the company faces and how such risks are managed Review management’s implementation of the company’s risk treatment and mitigation procedures 10.7 Risk management process According to COSO enterprise risk management consists of eight interrelated components. These are derived from the way management runs an enterprise and are integrated with the management process. These components are: a) Internal Environment: The internal environment encompasses the tone of an organisation, and sets the basis for how risk is viewed and addressed by an entity’s people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. b) Objective Setting: Objectives must exist before management can identify potential events affecting their achievement. Enterprise risk management ensures that management has in place a process to set objectives and that the chosen objectives support and align with the entity’s mission and are consistent with its risk appetite. c) Event Identification: Internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities. 197 ASSURANCE Opportunities are channelled back to management’s strategy or objective-setting processes. d) Risk Assessment: Risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed. Risks are assessed on an inherent and a residual basis. e) Risk Response: Management selects risk responses – avoiding, accepting, reducing, or sharing risk – developing a set of actions to align risks with the entity’s risk tolerances and risk appetite. f) Control Activities: Policies and procedures are established and implemented to help ensure the risk responses are effectively carried out. g) Information and Communication: Relevant information is identified, captured, and communicated in a form and timeframe that enable people to carry out their responsibilities. Effective communication also occurs in a broader sense, flowing down, across, and up the entity. h) Monitoring: The entirety of enterprise risk management is monitored and modifications made as necessary. Monitoring is accomplished through ongoing management activities, separate evaluations, or both. 10.8Benefits of risk management The following are key benefits derived from risk management: a) Creation of more risk focused culture for the organisation b) Standardised risk reporting c) Improved focus and perspective on risk d) Efficient use of resources e) Effective coordination of regulatory and compliance matters 10.9Assurance on risk management A review of the risk management framework including the process may be conducted with the aim of providing assurance to stakeholders that risks are adequately managed. Generally, risk analysis requires specialized expertise which a professional accountant acting as an auditor is not expected to have available. This expertise usually lies elsewhere within the organization or with outside experts. Consequently, the auditor is not expected to examine and comment on the risk analysis itself. Rather, the auditor's primary role is to ascertain whether or not the methods and procedures used were appropriate and conform to the policies and guidelines which make up the entity's approach to risk management. The auditor's secondary role is to ensure that any identified deficiencies are dealt with and that follow-up takes place. Issues should be raised with the expectation that apparent problems can be dealt with and opportunities can be fully pursued. The auditor's role is less to report on the deficiencies in risk management than to ensure that any deficiencies identified are dealt with. Auditors should also ensure that good practices are being shared within the organization. 198 ASSURANCE In many situations, the auditor will identify apparent problems when determining whether or not the various procedures have been followed correctly. It is important to recognize that it may not be cost-effective nor efficient for staff to exactly follow a given procedure. Staff must be allowed to exercise their discretion and to weigh the associated costs and benefits of following a given procedure and, on the basis of this analysis, make a decision on the degree to which a procedure is followed. Specific audit objectives may include: a) Risk Management Program: To determine whether risk management program is well designed in conformance with best practice. b) Risk Management Process: To determine whether risks are identified, assessed, mitigated and monitored. c) Integration of Risks into Business Processes: To determine whether risk management is integrated into the strategic and operational planning processes, and into employee’s dayto-day activities. d) Risk Reporting and Accountability: To determine whether risk management program results are communicated to internal and external stakeholders, and whether managers are held accountable for results. Audit procedures for review of risk management may include: a) Assessment of whether key risk management structures or tools are in place. Matters like risk management policy, board committee responsible for risk management, availability of risk management function or manager responsible for risk management needs to be in place. b) Verification that all managers are aware of the key risks facing their processes in accordance with the risk management policy. c) Assessment of the depth of managers’ understanding of the risk identification process based on their awareness. d) Verification that managers have assessed the key risks to the organization resulting from the various risks identified. e) Assess the completeness and accuracy of the managers' risk assessment. f) Verification that managers have developed a series of risk-minimization, cost-effective options. g) Assessment whether or not the control measures introduced were cost-effective. Some thought should be given to alternative uses of the resources expended and, in particular, beneficial opportunities which may have existed during the same time period. Reporting on the audit of risk management would take a form of a detailed report to management highlighting any deficiencies noted in the course of the review and an assurance report to the board through a relevant board committee. The assurance provider needs to express an opinion as to how adequate risk management is and any serious shortfalls may also be presented to the board for information. Management is expected to implement recommendations made by the assurance provider in order to improve risk management processes. Chapter summary 199 ASSURANCE Risk management is an important aspect of good business management. Businesses fail to achieve their objectives due to negative impact of risks therefore, it follows that management of risks that the business faces maximizes chances of achieving corporate objectives. There are different classes of risks and occur at two level of strategic or operational. Since risk management is an integral part of directing and controlling an organisation there is need for assurance that it conducted in an efficient and effective matter. It is on this basis that a professional accountant acting as either internal or external auditor may be called upon to provide assurance. End of Chapter Questions a) Explain the role of an auditor in risk management. b) State the type of risks that affect the long term goals of an organisation. c) Which category of risk arises from sources of finance? d) What is the purpose of reporting to the board after an independent review of risk management? 200 ASSURANCE CHAPTER 11: CORPORATE GOVERNANCE Topic List 1. 2. 3. 4. Introduction; Definition of corporate governance; Principles of corporate governance; Roles of key stakeholders in corporate governance; 5. Systems in corporate governance; 6. Elements of corporate governance; 7. Malawi Code of corporate governance; 8. Importance of corporate governance; 9. Procedures in examining corporate governance; 10. Reporting on corporate governance assessments; 11. Chapter summary; and 12. End of chapter questions. Learning Outcomes By the end of this chapter, you should be able to: Define corporate governance; Explain the key principles to corporate governance systems; Describe the systems of corporate governance; Describe the elements of corporate governance; Describe the provisions of the Malawi code of corporate governance; Explain the importance of corporate governance; Describe the roles of the board, management and shareowners; and Explain the procedures required to plan, execute and report on a corporate governance assurance assignment. 201 ASSURANCE 11.1 Introduction A well governed entity has high chances of achieving its objectives. This chapter defines and explains the key principles and elements of good corporate governance system, outlines the importance of corporate governance, describes the roles of the board, management and shareowners, lists the demands of the Malawi Code of corporate governance, and finally details the procedure to be followed to plan, execute and report on a corporate governance assurance assignment. 11.2 Definition of Corporate Governance Several individuals and institutions have defined corporate governance. In this manual Corporate Governance will be defined as a system of structures and processes to direct and control companies. Corporate governance facilitates the leadership and control of the entity in the sense that it: distributes the rights and responsibilities among the companies’ stakeholders and articulates the rules and procedures for making decisions on corporate affairs; and provides the structure for defining, implementing and monitoring a company’s goals and objectives, and ensuring accountability to appropriate stakeholders. The rest of this chapter will explain a number of structures and processes which are necessary to run a company efficiently and effectively. 11.3 Key Principles of Corporate Governance The key principles of corporate governance include transparency, accountability, fairness, responsibility and reputation. Principles are the reasons why companies or institutions need corporate governance. It is therefore, important that all stakeholders in the company not only understand these principles but also believe in them. Otherwise, if these are not understood and embraced, corporate governance cannot bring about the change and therefore, the benefits that are accrued to it. This will be true in situations where stakeholders do not understand and accept the principles but undertake corporate governance for the sake of complying with requirements. The five principles of corporate governance are explained as follows: 8.2.1 Transparency. Transparency means providing information about activities, plans, actions to stakeholders that are entitled to. In good corporate governance, directors should clarify to shareowners and other key stakeholders why every material decision has been made. This is accomplished by ensuring timely, accurate disclosure on all material matters, including the financial situation, performance, ownership and corporate governance. This does not include disclosing the company secrets. The main reason why transparency is important is that it reduces potential conflicts between the owners of companies and the managers of those companies. Most companies are not 202 ASSURANCE managed by the owners. The owners simply provide capital and lose control of it in the sense that they appoint directors who in turn employ managers to run the day to day business of the company. Transparency therefore, ensures that managers show how the owners money has been used in the company. Similarly, reassures investors in the sense that they get confidence that the company has been well run. 11.2.2 Accountability. Accountability is about explaining how powers or authority and resources entrusted have been used. Directors should be held accountable for their decisions to shareowners, and, in certain cases, key stakeholders, submitting themselves to rigorous scrutiny. In turn, management should also be accountable to the board. Producing financial statements and making them available to the entitled stakeholders is one way how directors and management can account for their decisions and also how they have used financial and other resources entrusted to them. 11.2.3 Fairness. The Board should consider Key stakeholder views when making decisions with a sense of justice and avoidance of bias or vested interests. The Board and management should apply fair practice in their dealings with stakeholders and adhere to the spirit not just the letter of all rules and regulations that govern the organisation. The organisation should provide effective redress for violations. 11.2.4 Responsibility. Responsibility means management accepting the credit or blame for governance decisions. It implies clear definition of the roles and responsibilities of the roles of senior management. To this end, directors should carry out their duties with honesty, probity and integrity. They should exercise independent judgement when making decisions. Honest and probity relates not only to telling the truth, but also not misleading shareowners and other stakeholders. Lack of probity includes not only obvious examples of dishonesty such as taking bribes, but also reporting information in a slanted way that is designed to give an unfair impression. Integrity can be taken as meaning someone of high moral character, who sticks to strict moral or ethical principles no matter the pressure to do otherwise. In working life, this means adhering to the highest standards of professionalism and probity. Straight forwardness, fair dealing and honest relationships with different people and constituents. Trust is vital in relationships and belief in the integrity of those with whom you are dealing with underpins this. Thus integrity is an underlying principle of corporate governance. All those in agency relationships should posses and exercise absolute integrity. To fail to do so breaches the relationship of trust. 203 ASSURANCE Exercising independent judgement, is another key ingredient of a responsible board. Judgement means that the board making decisions that enhance the prosperity of the organization. This means that the board members must acquire a broad knowledge of business and its environment to be able to provide meaningful direction to it. For management to be held properly responsible, organisations should ensure that procedures and structures are in place so as to minimize, or avoid completely, potential conflict of interests that could arise. In addition, there must be a system in place that allows for corrective action and penalizing mismanagement. 11.2.5 Reputation Reputation defines an organisation as well as the individuals associated with that organisation. The Board must manage reputation risk. Good practices ensure a good reputation. Bad practices can destroy a reputation overnight. Consequences of poor reputation include: suppliers and customers unwillingness to deal with the organisation for fear of being victims of sharp practice; inability to recruit high quality staff; fall in demand because of consumer boycotts; increased public relations costs because of adverse stories in the media; increased compliance costs because of close attentions from regulatory bodies or external auditors; and loss of market value because of a fall in investor confidence. 11.3 Roles of Key Stakeholders in Corporate Governance 11.3.1 Key Stakeholders There are three key stakeholders in the corporate governance system set up. These are the shareowners, directors and managers. Supporting these stakeholders are the external and internal audits. External auditors are there to give an opinion and assurance to the shareowners on the financial statements that will have been produced by management. On their part, internal auditors provide a continuous assurance to the board on the effectiveness of internal controls that management will have instituted. Both external and internal auditors are discussed at length in the earlier chapters of this manual. Corporate governance issues, among these key stakeholders, arise from the roles of agency and stewardship. Agency involves the transfer of capital from shareowners to the control of managers. Stewardship refers to the directors’ role as guardians of the company’s assets. The shareowners, through the board, delegate authority to management and entrust the board to act on their behalf. 204 ASSURANCE For example if you buy shares in any of the listed companies in Malawi say ABC Limited, you become a shareowner in ABC Limited. ABC Limited has a board of directors who are elected by you, shareowners during the annual general meeting. The board members are ones that are given the powers [entrusted]to run the company. However, in practice they do not manage the company themselves but employ managers who are in charge of the day to day running of ABC Limited. It is these managers who control and use the money in running the company. These agency and stewardship roles are important when a company’s owners are different from its managers. This separation of ownership and control functions within a company inevitably leads to the managers being made responsible for the spending of other people’s money. For an effective relationship to be maintained between the providers of money and company managers, high levels of trust must exist between both. The board serves as a conduit between the two. Figure 1 summarises the key stakeholders and their relationships. Report to Appoint Shareowners Report to Oversee Board Management 11.3.2 Key Roles of Key Stakeholders The following are the key roles of the key stakeholders: 11.3.2.1 Shareowners 205 ASSURANCE Provide capital which is used to run the company by managers. Appoint directors during the annual general meeting who are responsible for safeguarding the company’s assets. Dismiss directors. 11.3.2.2 Employ managers who are responsible for running the company. Lead and give direction to managers on the running of the company. To accomplish this role, the board undertakes a number of responsibilities including: developing the company’s purpose (mission), vision, values; guiding strategy; monitoring the effectiveness in the company’s governance practices; ensuring that appropriate controls are in place; and overseeing disclosure, communications. Monitor and oversee the work of managers. 11.3.2.3 Directors Managers Run the day to day affairs of the company. Employ staff to assist them in managing the affairs of the company. Implement board (strategic) plan. 11.3.2.4 Internal Auditors They provide assurance to the board that the internal controls instituted by management are adequate and working. 11.3.2.4 External Auditors They provide assurance to shareowners that the financial statements prepared by management truthfully represent the transactions that took place during the period and also the financial position of the company as at the end of the period. 11.4 Systems in Corporate Governance Corporate governance subsists in a variety of systems. These systems include laws, regulations and rules, corporate governance codes, articles of association, the board, codes of ethics, and policies and procedures. These are explained in detail as follows: 11.4.1 Laws, Regulations and Rules Good corporate governance demands that a company abides by all the laws, regulations and rules applicable in the environment in which it is operating. Examples of these in Malawi include Company’s Act, Taxation Act, Employment Act, Pensions Act, Health and Safety, Consumer Protection Act, Stock Exchange Regulations, Fair Competition among others. 11.4.2 Corporate Governance Codes 206 ASSURANCE In Malawi, there is the Malawi Code II, issued by the Institute of Directors in Malawi, which companies and institutions have to abide by. This is the code of best practice that gives guidance on corporate governance in the country. Other codes on corporate governance are the King report of South Africa, the Combined report of UK, and the Cadbury Report also of UK. 11.4.3 Articles of Association These are rules that govern the internal relationships of a company. In this context, internal players are the board, management and shareowners. Issues covered include the share capital and its variations, transfer of shares, general assembly [annual general meeting], shareowners votes, borrowing powers, disqualification of directors, board proceedings, appointment and duties of corporate secretary, issuance of dividends, company reserves, and accounts and audit. 11.4.4 The Board 11.4.4.1 Board charter Corporate governance systems demand that every board must have a board charter. The board charter details the board’s responsibilities, composition, selection, leadership, compensation, meeting procedures, committees and relationship with investors, employees, customers, media and others. 11.4.4.2 Board types Boards are divided into two. Namely: one-tier or unitary and two tier or dual. One tier or unitary board is composed of executive and non-executive members. The board delegates the running of the day-to-day business to a Chief executive officer, management team. This governance structure may facilitate strong leadership and efficient decisionmaking. Non executive directors, however, play a crucial role in providing an external perspective and additional expertise. This system is typical for companies based in countries with common law tradition e.g US, UK and many commonwealth countries. Two tier or dual board has distinct supervisory and management bodies. The former is commonly referred to as the supervisory board, the latter as management board. Under this system, the company’s day-to-day management is given by law to the management board, which is then overseen by the supervisory board. The supervisory board’s control function is typically limited to certain transactions that are either regulated by law or identified in the company’s articles of association; its main role is to focus on the company’s long term strategy. The advantage of the two tiered system is a clear separation of roles and responsibilities but the disadvantage is that it is slow and inefficient in decision making. 207 ASSURANCE 11.4.4.3 Board committees These are aids to the board. They focus on specialized areas of responsibilities which are technical in nature. They, however, do not substitute the board and neither do they have executive powers. The number of subcommittees which a company board can come up depends on the nature of the business and the size of the company. In this manual, three subcommittees will be looked at in terms of their roles, namely, the audit, remuneration, and governance and nomination committees. 11.4.4.3.1 Audit Committee. Some of the roles include: Approves or recommends the approval of the appointment of external auditors and oversees their relationship with the company. Monitors the effectiveness of, and receives regular reports from, the internal audit function. Reviews financial statements, procedures, and systems of internal control over financial reporting. Reviews arrangements for compliance with the requirements of regulators. Receives reports on the operation of the company’s “whistleblower” arrangements. Reviews the company’s risk-management framework. 11.4.4.3.2 Remuneration Committee Considers matters relating to board and executive remuneration. Approves changes to incentive and benefits plans applicable to senior managers. May be involved with remuneration decisions for the entire company. 11.4.4.3.3 Governance and nomination committee Considers matters relating to corporate governance, including the composition of the board and the appointment of new directors. Oversees the annual performance evaluation of the board, its committees, and the individual directors. Reviews strategic human resource decisions and succession plans for the chairman and other key board and executive positions. 11.4.4 Codes of Ethics Corporate governance requires that every company or institution should have a code of ethics which should direct the behavior and operations of that institution. Ethics are discussed in more details later in this manual. 208 ASSURANCE 11.4.4. Policies and Procedures As part of fulfilling its transparency and accountability obligations but also to ensure that operations are run efficiently and effectively, every company must have written policies and procedures on all major aspects of its operations. For instance, finance, human resource etc. 11.5 Elements of Corporate Governance Elements of corporate governance that an institution or company committed to good corporate governance must embrace are summarised in table 1. Element of Good Corporate Governance Good board practices Control environment Transparent disclosure Well defined shareowners’ rights Board commitment Explanation Clearly defined roles and authorities Duties and responsibilities of directors understood Board is well structured Appropriate composition and mix of skills Appropriate board procedures Director remuneration in line with best practice Board self-evaluation and training Independent audit committee established Risk management framework present Internal control procedures Independent external auditor conducts audits Management information systems established Compliance function established Financial information disclosed Non-financial information disclosed Financials prepared according to IFRS High quality annual report Web-based disclosure Minority shareowners’ rights are formalised Well organised general assembly Policy on related party transaction Clearly defined and explicit dividend policy The board discusses corporate governance issues and has created corporate governance committee The company has a corporate governance champion A corporate governance improvement plan has been created Appropriate resources are committed Policies and procedures have been formalised and distributed to relevant staff A corporate governance code has been developed The company is publicly recognised as a corporate governance leader 11.6 Malawi Code II: Code of Best Practice for Corporate Governance The Malawi Code II provides a set of overarching provisions that would apply to all organizations in Malawi. The main provisions focus on: 209 ASSURANCE Compliance with the code. These provisions should be applied in all organisations be they large, medium or small; in the private, public or not for profit. Owners. A list of specific responsibilities bestowed on them. One of them is to ensure that only competent and reliable persons with appropriate knowledge, skills and experience are elected to the board. Board structure. The unitary or one tier board structure is considered appropriate for Malawi. Role of the board. A comprehensive list of roles is provided. Some of them already included earlier in this chapter. Board evaluation. Good practice demand that an annual evaluation of the board in terms of mix of skills, experience of members, processes and performance of the board should be conducted. Board sub-committees. Boards should establish board sub-committee to deal with matters that can best be dealt in a smaller forum. Sufficient appropriate resources should be provided in order for them to undertake their duties. The chairman. The chairman should be non executive. Members of the board. Should exercise reasonable care, skill and diligence. Non-executive members of the board. Should be independent in character and judgement, and also should not take part in the day to day running of the company. Appointment of the board. Should be appropriate for the organisation taking into account good governance and the requirements for the organisation to meet its goals and ensure its long term sustainability. Remuneration of the board. Remuneration should be appropriate to the organisation and should take into account the long term sustainability of the organisation. Training and development of the board. New members should be inducted; existing members should acquire broad knowledge of the organisation, statutory and regulatory requirements, their roles and responsibilities, practical and theoretical developments affecting the environment in which the organisation operates. Company secretary. Organisations should have access to a competent company secretary to tender secretarial services to the organisation. The appointment and removal of the company secretary should be a matter for the board as a whole. Related party transactions. Organisations should identify, manage and document related party transactions. Risk management and internal controls. The board should be responsible for the governance of risk Ethics. Organisations should ensure that they act ethically. Good citizenship. When making decisions, an organisation should consider the impact of its decisions on its stakeholders, environment and society as a whole. Sustainability. Organisations should conduct their operations in a manner that meets existing needs without compromising the ability of future generations to meet their needs. External communication. Organisations should consider making regular, timely, balanced and understandable statements about their activities, performance and future prospects. Integrated reporting and auditing. Organisations should produce financial statements appropriate to them. Sustainability reporting and disclosure should be integrated with the 210 ASSURANCE organisation’s financial reporting. The audit should be done by an independent external auditor, who is provided with the opportunity to raise matters directly with the board. Students are encouraged to read the full details of each of the requirements itemized above to get a full understanding of what is required according to the Code. 11.7 Importance of Corporate Governance There are many benefits that accrue to a company, entity or even a country that practices good corporate governance. For instance, good corporate governance attracts investors by assuring them that the business environment is fair and transparent, company directors will be held accountable for their actions and that all business contracts made by the company can be enforced. As such, companies (including countries) that have good corporate governance systems are associated with the following benefits: 11.7.1 Improves Access to External Financing Good corporate governance systems encourage global investors [including financers], both local as well as external, to invest in that well governed company or country. 11.7.2 Lowers the Cost of Capital Investors that are provided with high levels of disclosures by well governed companies are likely to provide capital to those well governed companies at a lower rate, reflecting the investors’ improved knowledge of the company’s strategy and performance. 11.7.3 Improved Operational Company Performance Sustainable wealth creation within the company can only be brought about through good management, systems and procedures, entrepreneurship, innovation, and better allocation of resources. Better corporate governance adds value by improving the performance of companies through more efficient management, better asset allocation, and improvements in productivity. 11.7.4 Increases Firm Valuation Many researchers have identified the existence of a “corporate governance premium” i.e. an additional price that investors will pay for shares in well governed companies. In addition, some researchers have identified superior share performance by well governed companies. 11.7.5 Reduced Risk of Corporate Crises and Scandals Companies with good corporate governance practices will, by definition, have a better riskmanagement system, which is more likely to cope with corporate crises and scandals, than 211 ASSURANCE those without. These systems include enterprise risk management, disaster recovery systems, media management techniques and business continuity procedures. 11.8 Procedures for Assessing Corporate Governance Assessment of corporate governance in Malawi, in the private sector (profit making) is not very common, except in some selected industry like banks, insurance and the like. Most private companies simply disclose in their financial reports the extent to which they have complied with requirements of corporate governance. Those that voluntarily comply and disclosure their corporate governance practices are mostly motivated by the need to exploit the benefits of corporate governance discussed earlier on in this chapter. However, in the public sector and more so in the nonprofit making organizations, it is common mostly because of funding requirements. The procedure for assessing corporate governance is similar to other assurance assignments which are governed by ISAEs. The following is the simplified procedure that should be followed when assessing corporate governance of an entity. The engagement must be planned and performed with a degree of professional scepticism, recognising that the subject matter might be materially misstated. Throughout the exercise, the practitioner must follow the IFAC code of conduct and more so during the execution of the assignment. Appropriate procedures for quality control of the practitioner’s work must be applied to each engagement. The practitioner should use the Malawi Code II or King Code as criteria of measuring execution of corporate governance in an entity. The practitioner should gather evidence on corporate governance and reach a conclusion Identify areas of weaknesses and make recommendations. Before completion of an assurance engagement, the client may ask for the nature of the engagement to be changed to a ‘non assurance’ engagement, or for the level of assurance to be reduced. If this happens, the practitioner should consider whether the request is appropriate, and should not agree to the change unless there is a good reason. 11.9 Reporting on Corporate Governance Assessment The practitioner should use a report to formally report the result of their assurance engagement on corporate governance. The report should comprise: A title. Indicating that the report is an independent assurance report Addressee. The person or body to which the report is addressed Subject matter of the report. Suitable criteria that has been selected for assessment A statement that the use of the report must be restricted certain specified users, or that the use of the report should be restricted to a specific purpose for which it was prepared. A statement that the engagement was carried out in accordance with ISAEs 212 ASSURANCE A summary of the work performed The practitioners’ conclusion The date, name and address of the practitioner. 11.10 End of Chapter Summary Corporate Governance is a system of structures and processes to direct and control companies. Principles of corporate governance are transparency, accountability, fairness, responsibility, and reputation. Key stakeholders in corporate governance are shareowners, board and management. As stakeholders, internal and external audits give assurance to the board and shareowners respectively. Corporate governance subsists in a number of systems including laws, regulations, rules, articles of association, the board, corporate governance codes, codes of ethics, policies and procedures among others. Elements of corporate governance are good board practices, control environment, transparent disclosure, well defined shareowners rights, board commitment. The Malawi Code II provides a set of overarching provisions that would apply to all organizations in Malawi. The importance of corporate governance to companies (and nations) include improving access to external financing, lowers the cost of capital, improves financial and operational performance, increases company valuation and reduces risks of corporate crises. Corporate governance assessment and reporting to give assurance can be conducted in the same way as any other assurance assignment but it needs to be undertaken by a practioner who has knowledge in corporate governance. 11.11 End of Chapter Questions a) State any four key principles of corporate governance b) Describe how agency and stewardship roles arise in corporate governance c) Explain benefits that can accrue to a company that practices good corporate governance 213 ASSURANCE CHAPTER 12: INTERNAL CONTROLS Topic List 1. Introduction; 2. Definition of internal controls; 3. Components of internal controls; 4. Types of internal controls; 5. Systems and internal controls; 6. Reporting on internal controls; 7. Chapter summary; and 8. End of chapter questions. Learning Outcomes By the end of this chapter, candidates should be able to: Understand the use of internal control systems; Identify relevant controls to mitigate risks; Identify relevant tests of those controls; Evaluate internal control components; and Assess internal controls in a computerized environment. 214 ASSURANCE 9.1 Introduction The practitioner generally seeks to rely on the internal controls within the entity in order to reduce the amount of substantive testing. The initial evaluation of a client's system is essential as the practitioner gains an understanding of the entity. In this chapter, we shall look at some of the detailed requirements of ISA 315 with regard to internal controls, and shall also set out control issues the practitioner may come across. In this chapter we also look at the ways in which practitioners can document the internal control systems using narrative notes, flowcharts, questionnaires and checklists, focusing particularly on the use of questionnaires. The practitioners must understand the accounting system and control environment in order to determine their audit approach. 9.2 Definition of internal controls An internal control is any action taken by management to enhance the likelihood that established objectives and goals will be achieved with regard to effectiveness and efficiency of operations and compliance with applicable laws and regulations. Identifying and assessing the risks of material misstatement through understanding the entity and its environment points out that there is a direct relationship between an entity’s objectives and the controls it implements to provide reasonable assurance about their achievement, however, not all of the entity’s objectives and controls will be relevant to the practitioner’s risk assessment. The objective the practitioner is to review the existence, adequacy and operational effectiveness of internal control procedures over all key disciplines of the organisation. Having determined which controls are relevant, and are adequately designed to enhance the likelihood that established objectives and goals will be achieved the practitioner can then decide whether it is more efficient to seek reliance on those controls and perform tests of controls in that area, or more efficient to perform substantive testing over that area. If the controls are not adequately designed, the practitioner needs to perform sufficient substantive testing over that area in light of the apparent lack of control and increased risk. Any deficiencies are noted and, where appropriate, these will be communicated to management. It should be noted that internal controls can only provide reasonable assurance and not absolute assurance regarding the achievement of an organisation’s objectives. The COSO framework COSO's enterprise risk management framework provides a coherent framework for organisations to deal with risk, based on the following components: Internal environment Risk response Objective setting Control activities Event identification Information and communication Risk assessment Monitoring 215 ASSURANCE Nature of enterprise risk management We have seen that internal control systems should be designed to manage risks effectively. There are various frameworks for risk management, but we shall be looking in particular at the framework established by the Committee of Sponsoring Organisations of the Treadway Commission (COSO). COSO published guidance on internal control Internal Control – Integrated Framework in 1992. It published wider guidance on Enterprise Risk Management in 2004. In 2006 COSO issued Internal Control over Financial Reporting – Guidance for Smaller Companies. This guidance was designed to supplement the guidance in Internal Control – Integrated Framework, in the light of the requirement in s 404 of the Sarbanes-Oxley legislation for management of public companies to assess and report on the effectiveness of internal control over financial reporting. Enterprise risk management is a process, effected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity and manage risks to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. Internal control is a process effected by an entity’s board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories: Effectiveness and efficiency of operations Reliability of reporting Compliance with laws and regulations' COSO COSO states that enterprise risk management has the following characteristics. It is a process, a means to an end, which should ideally be intertwined with existing operations and exist for fundamental business reasons. It is operated by people at every level of the organisation and is not just paperwork. It provides a mechanism for helping people to understand risk, their responsibilities and levels of authority. It is applied in strategy setting, with management considering the risks in alternative strategies. It is applied across the enterprise. This means it takes into account activities at all levels of the organisation from enterprise-level activities such as strategic planning and resource allocation, to business unit activities and business processes. It includes taking an entity level portfolio view of risk. Each unit manager assesses the risk for his unit. Senior management ultimately consider these unit risks and also interrelated risks. Ultimately they will assess whether the overall risk portfolio is consistent with the organisation's risk appetite. It is designed to identify events potentially affecting the entity and manage risk within its risk appetite, the amount of risk it is prepared to accept in pursuit of value. The risk appetite should be aligned with the desired return from a strategy. It provides reasonable assurance to an entity's management and board. Assurance can at best be reasonable since risk relates to the uncertain future. It is geared to the achievement of objectives in a number of categories, including supporting the organisation's mission, making effective and efficient use of the organisation's resources, ensuring reporting is reliable, and complying with applicable laws and regulations. Because these characteristics are broadly defined, they can be applied across different types of organisations, industries and sectors. Whatever the organisation, the framework focuses on achievement of objectives. An approach based on objectives contrasts with a procedural approach based on rules, codes or procedures. A procedural approach aims to eliminate or control risk by requiring conformity with the rules. However a procedural approach cannot eliminate the possibility of risks arising because of poor management decisions, human error, and fraud or unforeseen circumstances arising. 216 ASSURANCE Framework of enterprise risk management The COSO framework of enterprise risk management consists of eight interrelated components. Components Explanation Internal or control This covers the tone of an organisation, and sets the basis for how environment risk is viewed and addressed by an organisation's people, including risk management philosophy and risk appetite, integrity and ethical values, and the environment in which they operate. The board’s attitude, participation and operating style will be a key factor in determining the strength of the control environment. An unbalanced board, lacking appropriate technical knowledge and experience, diversity and strong, independent voices is unlikely to set the right tone. The example set by board members may be undermined by a failure of management in divisions or business units. Mechanisms to control line management may not be sufficient or may not be operated properly. Objective setting Event identification Risk assessment Risk response Line managers may not be aware of their responsibilities or may fail to exercise them properly. Objectives for the entity should be in place and the chosen objectives should support and align with the entity's mission. The board must take a high-level view of how much risk it is willing to accept and ensure that this risk appetite is consistent with objectives. Risk tolerance, the acceptable variation around individual objectives, also needs to be aligned with risk appetite. Both internal and external events which affect the achievement of an entity's objectives must be identified, distinguishing between risks and opportunities. The organisation needs to pay attention both to occurrences that could disrupt operations and also dangers to the achievement of strategic objectives. Organisations must also have processes in place to identify the risks arising from one-off events and more gradual trends that could result in changes in risks. Risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed. The analysis process should clearly determine which risks are controllable, and which risks are not controllable. The COSO guidance stresses the importance of employing a combination of qualitative and quantitative risk assessment methodologies. As well as assessing inherent risk levels, the organisation should also assess residual risks left after risk management actions have been taken. Risk assessment needs to be dynamic, with managers considering the effect of changes in the internal and external environments that may render controls ineffective. Management selects risk responses such as avoidance, reduction, transfer, or acceptance which are used to develop a set of actions 217 ASSURANCE to align risks with the entity's risk tolerances and risk appetite. It is important to take an organisation-wide view of risk response as well as considering responses to individual risks. The risk responses chosen must be realistic, taking into account the costs of responding as well as the impact on risk. An organisation’s environment will affect its risk responses. Highly regulated organisations, for example, will have more complex risk responses and controls than less regulated organisations. Control activities or Policies and procedures are established and implemented to help procedures ensure the risk responses are effectively carried out. COSO guidance suggests that a mix of controls will be appropriate, including prevention and detection and manual and automated controls. COSO also stresses the need for controls to be performed across all levels of the organisation, at different stages within business processes and over the technology environment. Information and Relevant information is identified, captured and communicated in Communication a form and timeframe that enable people to carry out their responsibilities. The information provided to management needs to be relevant and of appropriate quality. Effective communication should be broad – flowing up, down and across the entity. There needs to be communication with staff. Communication of risk areas that are relevant to what staff do is an important means of strengthening the internal environment by embedding risk awareness in staff’s thinking. There should also be effective communication with third parties such as shareholders and regulators. Monitoring Risk control processes are monitored and modifications are made if necessary. Effective monitoring requires active participation by the board and senior management, and strong information systems, so the data senior managers need is fed to them. COSO has drawn a distinction between regular review (ongoing monitoring) and periodic review (separate evaluation). However weaknesses are identified, the guidance stresses the importance of feedback and action. Weaknesses should be reported, assessed and their root causes corrected. COSO’s Internal Control - Integrated Framework Internal control has five interrelated components as follows: Control (Internal) Environment Risk Assessment Control Activities Information and Communication Monitoring Activities 218 ASSURANCE In obtaining an understanding of internal control, the practitioner must understand the design of the internal control and the implementation of that control. In the following sub-sections, we look at each of the elements of internal control. 1.1 Control environment The control environment reflects the attitude and actions of the board and management regarding the significance of controls within the organisation. The control environment sets the tone of an organisation, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values and competence of the entity’s people; management’s philosophy and operating style; the way management assigns authority and responsibility, and organises and develops its people; and the attention and direction provided by the board of directors. A strong control environment does not, by itself, ensure the effectiveness of the overall internal control system, but can be a positive factor when assessing the risks of material misstatement. A weak control environment can undermine the effectiveness of controls. Control environment and control procedures The internal control framework comprises the control environment and control procedures. It includes all the policies and procedures (internal controls) adopted by the directors and management of an entity to assist in achieving their objective of ensuring, as far as practicable, the orderly and efficient conduct of its business, including: Adherence to internal policies The safeguarding of assets The prevention and detection of fraud and error. The accuracy and completeness of the accounting records Internal controls may be incorporated within computerised accounting systems. However, the internal control system extends beyond those matters which relate directly to the accounting system Aspects of control environment Control environment aspects (such as management attitudes towards control) will nevertheless be a significant factor in determining how controls operate. Controls are more likely to operate well in an environment where they are treated as being important, competent people are committed to follow an organisation’s policies and procedures and its ethical and behavioural standards. Policies should be in place to promote best practice for example in procurements, evaluations, recruitment, training, promotion and compensation. Matters to consider when assessing the effectiveness of the control environment The following should be considered, however the list is not exhaustive: Communication and enforcement of integrity and ethical values Commitment to competence 219 ASSURANCE Participation by those charged with governance Management's philosophy and operating style Organisational structure Assignment of authority and responsibility Human resource policies and practices 1.2 Identification & evaluation of entity’s risks and control objectives Defining risk assessment Risk assessment is a systematic process for identifying and evaluating events (i.e. possible risks and opportunities) that could affect the achievement of objectives, positively or negatively. Such events can be identified in the external environment (e.g., economic trends, regulatory landscape, and competition) and within an organization’s internal environment (e.g., people, process, and infrastructure). When these events intersect with an organization’s objectives—or can be predicted to do so—they become business risks. Business risk is therefore defined as “the possibility that an event will occur and adversely affect an entity’s ability to execute its strategies and the achievement of its objectives. Assurance providers, particularly practitioners focusing on the financial statements, are interested in business risk because issues which pose threats to the business may in some cases also be a risk of the financial statements being misstated. For example, if the sales department is pressured to meet the sales targets, management might be tempted to manipulate the financial statement. It should be noted that not all business risks have a direct impact on the financial statements, for example, the risk that production does not meet quality control requirements of customers does not directly impact upon financial statements however the risk that invoices are not properly booked does. Risk assessment process Assessing the risk assessment process will also take place during audit risk assessment, as identifying business risk that management have identified will assist practitioners in identifying audit risk as well. From the control perspective, the practitioners will have to evaluate each aspect of this process. The risk assessment process will involve the following: Identifying business risks relevant to financial reporting objectives Estimating the significance of the risks Assessing the likelihood of their occurrence Deciding upon actions to address those risks If the entity has established such a process, the assurance provider shall obtain an understanding of it, however If there is not a process, the assurance provider shall discuss 220 ASSURANCE with management whether relevant business risks have been identified and how they have been addressed. Risk Assessment recognizes that for an entity to exercise effective controls, it must establish objectives and understand the risks it faces in achieving those objectives. Management should understand the implications of relevant risks that might hinder progress toward its objectives, and then management should provide a basis for managing those risks. The COSO framework outlines several areas of focus that should be considered in order to establish an effective Risk assessment process. These include the following: Area of focus Entity-Wide Objectives Activity Level Objectives Risks Company expectation Broad statements of what an entity desires to achieve, supported by strategic plans. Effective Communication of those objectives (to board and employees). Consistency of Strategy and Objectives. Consistency of business plans & budgets with entity wide objectives, strategic plans, and current conditions. (Unit) Activity (unit) level objectives should link to entity-wide objectives and strategic plans. Activity level objectives should be consistent and complementary. Objectives are established for each significant business process area (where relevant). Adequate resources exist to achieve objectives. Prioritization of objectives to ensure achievement of entity objectives. Involvement in all levels of management in objective setting, to ensure Consideration of external and internal factors that could impact achievement of objectives (with risk analysis, to provide management a basis for managing the risks). Adequate mechanisms to identify risks externally and internally. Identification of risks for each activity (unit) objective(s). Thoroughness and relevance of the risk analysis process 1.3 Information and communication processes Pertinent information must be identified, captured and communicated in a form and timeframe that enables people to carry out their responsibilities. Information systems produce reports, containing operational, financial and compliance related information, that make it possible to run and control the business. They deal not only with internally generated data, but also information about external events, activities and conditions necessary to informed business decision-making and external reporting. Effective communication must also occur in a broader sense, flowing down, across and up the organisation. All personnel must receive a clear message from top management that control 221 ASSURANCE responsibilities must be taken seriously. They must understand their own role in the internal control system, as well as how individual activities relate to the work of others. They must have a means of communicating significant information upstream. There also needs to be effective communication with external parties, such as customers, suppliers, regulators and shareholders. The practitioner shall also obtain an understanding of how the entity communicates financial reporting roles and responsibilities and significant matters relating to financial reporting. 1.4 Control activities Control activities are those policies and procedures that help ensure that management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity’s objectives. Control activities occur throughout the organisation, at all levels and in all functions. Types of controls Control activities include those activities designed to prevent or to detect and correct errors. Control activities may be manual or automated. Preventative controls These controls attempt to deter or prevent undesirable events from occurring. They are proactive controls that help to prevent a loss. Examples of preventative controls are segregation of duties, proper authorisation, adequate documentation and physical control over assets Detective / Corrective controls Detective also known as corrective controls attempt to detect and/or correct undesirable acts. They provide evidence that a loss has occurred but to not prevent a loss from occurring. Examples of detective controls are audits, reviews, analyses, reconciliations, physical and inventories count. Examples of internal controls They include a range of activities as diverse as approvals, authorisation, verifications reconciliations, and reviews of operating performance, security of assets and segregation of duties. Control Activity Authorisation Approvals (Preventative) Explanation / Approval of a transaction means that the approver has reviewed the supporting documentation and is satisfied that the transaction is appropriate, accurate and complies with applicable laws, regulations, policies and procedures. Transactions should be approved by an appropriate person, i.e., Approvers should consider the transaction 222 ASSURANCE Reconciliations (Detective) Reviews (Detective) Limiting physical access to assets and records (Preventative and Detective) Controls computerised applications over Checking the arithmetical accuracy of records Segregation of duties (Preventative and Detective) authorisation matrix whenever they are approving the transactions. For example, purchase of a major capital asset should be approved by the Managing Director. Reconciliations involve comparison of a specific balance in the accounting records with what another source says the balance should be, for example, a bank reconciliation. Differences between the two figures should only be reconciling items. To ensure proper segregation of duties, the person who approves transactions or handles cash receipts should not be the person who performs the reconciliations The main objectives of reconciliations is to timely resolve differences Reconciliations should be documented, reviewed and approved by management. All copies should be filed for future references A review highlights and explains any unexpected variances. This reduces the likelihood of errors or deliberate misstatement. For example a review of fuel consumption per generator. Management’s review of reports, statements, reconciliations, and other information should be documented and the resolution of issues noted should be noted for follow-up. Only authorised personnel should have access to certain assets (particularly valuable or portable ones) e.g. ensuring that the inventory stores is locked unless store personnel are there. Departments with capital assets or significant inventories should establish perpetual inventory control over these items by recording purchases and issuances. Passwords over computer programs and data files will ensure only authorised personnel can access them. For example, a password over a billing system prevents unauthorised adjustments to customer bills. For example, checking to see if individual invoices have been added up correctly. Segregation implies a number of people being involved in the accounting process. This makes it more difficult for fraudulent transactions to be processed (since a number of people would have to collude in the fraud), and it is also more difficult for accidental errors to be processed (since the more people are involved, the more checking there can be). Segregation should take place in various ways: (a) Segregation of function. The key functions that should be segregated are the carrying out of a transaction, recording that transaction in the accounting records and maintaining 223 ASSURANCE custody of assets that arise from the transaction. (b) The various steps in carrying out the transaction should also be segregated 1.4.1 Internal controls in a computerised environment The internal controls in a computerised environment include both manual procedures and procedures designed into computer programs. Such control procedures comprise two types of control, general controls and application controls. General IT controls: are policies and procedures that relate to many applications and support the effective functioning of application controls by helping to ensure the continued proper operation of information systems. They commonly include controls over data centre and network operations, system software acquisition, change and maintenance, access security, and application system acquisition, development and maintenance. Examples include the following: General Control Development of computer applications Prevention or detection of unauthorised changes to programs Testing and documentation of program changes Example Standards over systems design, programming and documentation Full testing procedures using test data Approval by computer users and management Segregation of duties so that those responsible for design are not responsible for testing. Installation procedures so that data is not corrupted in transition. Training of staff in new procedures and availability of adequate documentation Segregation of duties Full records of program changes Password protection of programs so that access is limited to computer operations staff Restricted access to central computer by locked doors, keypads Maintenance of programs logs Virus checks on software: use of anti-virus software and policy prohibiting use of nonauthorised programs or files Back-up copies of programs being taken and stored in other locations Control copies of programs being preserved and regularly compared with actual programs Stricter controls over certain programs (utility programs) by use of read-only memory Complete testing procedures Documentation standards Approval of changes by computer users and management Training of staff using programs 224 ASSURANCE Controls to prevent wrong programs or files being used Controls to prevent unauthorised amendments to data files Controls to ensure continuity of operation Operation controls over programs Libraries of programs Proper job scheduling Password protection Restricted access to authorised users only Storing extra copies of programs and data files off-site Protection of equipment against fire and other hazards Back-up power sources Disaster recovery procedures e.g availability of back-up computer facilities. Maintenance agreements and insurance The practitioners will wish to test some or all of the above general IT controls, having considered how they affect the computer applications significant to the audit. General IT controls that relate to some or all applications are usually interdependent controls, ie their operation is often essential to the effectiveness of application controls. As application controls may be useless when general controls are ineffective, it will be more efficient to review the design of general IT controls first, before reviewing the application controls. Application controls: are manual or automated procedures that typically operate at a business process level. They can be preventative or detective in nature and are designed to ensure the integrity of the accounting records. Accordingly, they relate to procedures used to initiate, record, process and report transactions or other financial data. The purpose of application controls is to establish specific control activities over the accounting applications in order to provide reasonable assurance that all transactions are authorised and recorded, and are processed completely, accurately and on timely basis. Examples include the following: Application Control Controls over input: Completeness Controls over input: accuracy Example Manual or programmed agreement of control totals Document counts One-for-one checking of processed output to source documents Programmed matching of input to an expected input control file Procedures over resubmission of rejected controls Programmes to check data fields (for example value, reference, number, date) on input transactions for plausibility: Digit verification (eg reference numbers are as expected) Reasonableness test (eg sales tax to total value) Existence checks (eg customer name) Character checks (no unexpected characters used in reference) Necessary information (no transaction passed with gaps) 225 ASSURANCE Permitted range (no transaction processed over a certain value) Manual scrutiny of output and reconciliation to source Agreement of control totals (manual/programmed) Controls over input Manual checks to ensure information input was: authorisation Authorised Input by authorised personnel Controls over processing Similar controls to input must be in place when input is completed, for example, batch reconciliations. Screen warnings can prevent people logging out before processing is complete Controls over master files and One-to-one checking standing data Cyclical reviews of all master files and standing data Record counts (number of documents processed) and hash totals (for example, the total of all the payroll numbers) used when master files are used to ensure no deletions Controls over the deletion of accounts that have no current balance 1.5 Monitoring of controls Monitoring of controls is a process to assess the effectiveness of internal control performance over time. The purpose of monitoring is to determine whether internal controls exist, are adequately designed and operating efficiently and effectively. This is accomplished through ongoing monitoring activities such as, self-assessment, peer reviews and internal audits. On -going monitoring occurs in the course of operations. It includes regular management and supervisory activities and other actions personnel take in performing their duties. The scope and frequency of separate evaluations will depend primarily on an assessment of risks and the effectiveness of ongoing monitoring procedures. Internal control deficiencies should be reported upstream, with serious matters reported to top management and the Board. Diagrammatically the COSO framework may be summarised as follows: 226 ASSURANCE Inherent limitations of internal controls A control system, no matter how well conceived and operated, can provide only reasonable, not absolute, assurance that the objectives of the control system are met. Further, the benefits of controls must be considered relative to their costs. Because of the inherent limitations in all control systems, no evaluation of controls can provide absolute assurance that all control issues and instances of management override or improper acts, if any, have been detected. These inherent limitations include the realities that judgments in decision making can be faulty, and that breakdowns can occur because of simple errors or mistakes. Additionally, controls can be circumvented by the individual acts of some persons, by collusion of two or more people, or by management override of the control. The design of any system of controls is also based in part upon certain assumptions about the likelihood of future events, and there can be no assurance that any design will succeed in achieving its stated goals under all potential future conditions. Because of the inherent limitations in a cost-effective control system, misstatements due to management override, error or improper acts may occur and not be detected. Any resulting misstatement or loss may have an adverse and material effect on our business, financial condition and results of operations. Ultimately, a company’s approach to control will depend on the Board’s appetite for risk, its attitude and the corporate philosophy. The COCO framework A slightly different framework is the criteria of control or COCO framework developed by the Canadian Institute of Chartered Accountants (CICA). Purpose The COCO framework stresses the need for all aspects of activities to be clearly directed with a sense of purpose. This includes: Overall objectives, mission and strategy. Management of risk and opportunities. Policies. Plans and performance measures. The corporate purpose should drive control activities and ensure controls achieve objectives. Systems and internal controls There are several techniques for recording the system controls. One or more of the following may be used depending on the complexity of the system. Narrative notes Questionnaires Flowcharts Checklists 227 ASSURANCE In respect of questionnaires, you should note that there are two types, each with a different purpose. Internal Control Questionnaires (ICQs) are used to ask whether controls exist which meet specific control objectives. Internal Control Evaluation Questionnaires (ICEQs) are used to determine whether there are controls which prevent or detect specified errors or omissions. The specific controls for each major transaction system (Revenue and receivable, Procurement, Cash and Bank, payroll, purchases and payables, inventory management and Revenue & Capital expenditure) are examined below: 1. Revenue and Receivable system The sales system can be diagrammatically presented as follows: The tests of controls in the sales system will be based around: Selling (authorisation) Goods outwards (custody) Accounting (recording) Assertion Occurrence and existence Control objective Controls Test of controls To ensure that one Segregation of duties. Observe and evaluate person is not whether proper responsible for taking segregation of duties is orders, recording operating. 228 ASSURANCE sales and receiving payment. To ensure that Sales are only recorded sales recorded if there is transactions represent an approved sales goods or services order form and provided. shipping/despatch documentation Accounting for numerical sequences of invoices. Monthly customer statements sent out and customer queries and complaints handled independently. For a sample of sales invoices ensure there is a related sales order form that has been authorised and shipping documentation. Examine application controls for authorisation Review and test entity's procedures for accounting for numerical sequences of invoices. Review entity's procedures for sending out monthly statements and dealing with customer queries and complaints. Review entity's To ensure that goods Authorisation of procedures for and credit terms to granting credit to services are only customers (senior customers supplied to customers staff authorisation, Examine a sample of with good credit references/credit sales orders for ratings checks for new evidence of proper customers, regular review of credit credit approval by the appropriate senior limits) staff member. Authorisation by senior staff required for changes in other customer data such as address etc. Orders not accepted unless credit limits reviewed first. To ensure that goods Authorised price and services are lists and specified provided at terms of trade in 229 ASSURANCE Examine application controls for credit limits. Review all new customer files to ensure satisfactory credit references have been obtained. Verify that price lists and terms of trade are properly documented, authorised prices and place on authorised terms. Completeness Accuracy Cut-off Classification authorised communicated. and To ensure that Examine application customers are controls for authorised encouraged to pay prices and terms promptly. To ensure that all Accounting for Review and test revenue relating to numerical sequences entity's goods of invoices. procedures for dispatched is accounting for recorded numerical sequences of invoices For a sample of To ensure that all Shipping/despatch goods documentation is shipping/despatch ensure and services sold are matched to sales documents, each has been matched correctly invoiced invoices. to a related sales that was Sales invoices are invoice reconciled to the subsequently recorded. daily sales report. Review a sample of An open-order file is reconciliations performed. maintained and reviewed regularly Inspect the open-order file for unfilled orders To ensure that all Sales invoices and Review supporting sales Matching documents documents for a and adjustments are required for all sample correctly journalised, entries and the date of sales entries to summarised and and reference of the ensure they contain the posted entry are written on written details that to the correct each document. indicate they were accounts referred to when entered To ensure that All shipping Compare dates on sales transactions have documentation is invoices with dates of been recorded in the forwarded to the corresponding shipping correct period. invoicing section on a documentation. daily basis. Compare dates on sales Daily invoicing of invoices with dates recorded in the sales goods shipped. ledger To ensure that all Chart of accounts Inspect any transactions are (COA) in place and is documentary evidence properly regularly reviewed of review (such as classified in accounts for appropriateness. emails requesting Codes in place for update to COA as a 230 ASSURANCE different types products. of result of review). Test application controls for proper codes. 1.1 The procurement system Below is a standard procurement process flow chart The tests of controls in the procurement system will be based around: Buying (authorisation) Goods inwards (custody) Accounting (recording) Assertion Control objective Controls Occurrence To ensure that recorded purchases represent goods and services received. Authorisation Inspect policies and procedures and procedures and inquire policies in place for about them. ordering goods and Observe and evaluate and existence 231 ASSURANCE Test of controls services. segregation of duties. Examine a sample of purchase orders to Purchase orders ensure they have been raised for each appropriately purchase and authorised. authorised by appropriate senior Review the delegated list of authority for personnel. purchases Approved purchase order for each receipt For a sample of GRNs, ensure there is a related of goods purchase order that it has been properly approved. Segregation of duties Staff receiving goods Observe receipt of check them to the goods by staff to confirm whether the purchase order. check is done. Stores clerks sign for Inspect a sample to goods received. confirm whether stores Purchase orders and staff undertake this GRNs are matched check. with the suppliers' invoices. Examine supporting documentation to ensure it has been matched for a sample of invoices Completeness To ensure that all purchase transactions that occurred have been recorded For a sample of purchase orders in the year ensure each has been matched to a related invoice that Periodic accounting was subsequently for pre-numbered recorded GRNs and purchase Review entity's orders. procedures for Independent check of Purchase orders and GRNs are matched with the suppliers' invoices. 232 ASSURANCE amount recorded in accounting for Prethe purchase journal numbered documents. Examine controls. application Examine documentation for evidence of this check Rights obligations ensure that and To recorded purchases represent the liabilities of the entity. Purchase orders and GRNs are matched with the suppliers' invoices Accuracy, classification valuation To ensure that and purchase transactions are correctly recorded in the accounting system. supporting Purchase orders and Examine GRNs are matched documentation for a with the suppliers' sample of invoices. invoices. Review a sample of invoices for evidence Mathematical accuracy of the the accuracy has been supplier's invoice is verified (eg signature or initials) and reverified. perform the check. Amount posted to general ledger is Review reconciliations reconciled to the for evidence of this check. purchases ledger. Examine supporting documentation to ensure it has been matched for a sample of invoices. 1.2 Revenue and Capital Expenditure The nature of a statement of financial position and statement of profit or loss means that it is important to classify capital and revenue expenditure correctly, or profit will be over or understated. The controls and tests outlined below are often considered and performed during the audit of noncurrent Assets as this is where the main issue of capitalisation occurs: Assertion Control objective Controls Authorisation To ensure that expenditure is properly authorised Orders for capital items should be authorised by appropriate levels of management. 233 ASSURANCE Test of controls Review policies and procedures in place. Examine a sample of orders for Order should be requisitioned on appropriate (different to revenue) documentation. Invoices should be approved by the person who authorised the order. Classification Completeness To ensure that expenditure is classified correctly in the financial statements as capital or revenue expenditure. To ensure that all non-current assets are correctly recorded in the accounting system Invoices should be marked with the appropriate general ledger code. Amount posted to general ledger is reconciled to the purchases ledger Capital items should be written up in the noncurrent asset register. The non-current asset register should be reconciled regularly to the general ledger and any differences investigated and resolved promptly appropriate authorisation. Inspect invoices to verify that the invoice has been appropriately approved. Inspect invoices to verify the invoice has the correct general ledger code marked on it Review reconciliations evidence of check. Review reconciliation to ensure it is regularly carried out, reviewed by a more senior person, and that all discrepancies are followed up and resolved on a timely basis. Characteristics of internal control systems The Turnbull report summarises the key characteristics of the internal control systems. They should: Be embedded in the operations of the company and form part of its culture. Be capable of responding quickly to evolving risks within the business Include procedures for reporting immediately to management significant control failings and weaknesses together with control action being taken 234 ASSURANCE for this The Turnbull report goes on to say that a sound system of internal control reduces but does not eliminate the possibilities of losses arising from poorly-judged decisions, human error, deliberate circumvention of controls, management override of controls and unforeseeable circumstances. Systems will provide reasonable (not absolute) assurance that the company will not be hindered in achieving its business objectives and in the orderly and legitimate conduct of its business, but won't provide certain protection against all possible problems. Reporting on internal controls International Standard on Auditing (ISA) 265 Communicating deficiencies in internal control to those charged with governance sets out guidance on reporting internal control deficiencies. Deficiencies noted (findings) are building blocks of every report. They are the by-product of the practitioner’s field work but not a primary objective. Findings are the source from which all opinions and recommendations for improvement flow. The practitioner shall communicate with those charged with governance any material deficiencies in the design, implementation or operating effectiveness which have come to their attention during the course of the review. The report to management may also be referred to management letter or letter on internal controls. The Practitioners shall ensure that their findings are fully developed and no unanswered questions exist in the minds of the readers. The following should be considered: 1. Principles 1.1 Findings begin to emerge when one compares ‘‘what is’’ with ‘‘what should be’’. 1.2 The first step toward development of an audit finding occurs when practitioners identify the difference between what actually exists (Condition) and what it should be (Criteria). 2. Attributes of well-developed finding 2.1 Practitioners shall ensure that all findings meet the following five attributes 2.1.1 Condition, i.e. ‘what is’, or “what the practitioner found”; 2.1.2 Criterion, i.e. “what should be” or “what is required”; 2.1.3 Risk/Implication, i.e. “so what?”, “how is the company affected?” 2.1.4 Cause, i.e. why it happened; 2.1.5 Recommendation (what should be done? Or an action plan) 3. Condition 3.1 The condition identifies the nature and extent of the finding or unsatisfactory condition and answers the question: “what was wrong?” 3.2 The Practitioner shall ensure that all facts making up the condition are accurate, well supported and worded as clearly and as precisely as possible. 3.3 Practitioners shall develop adequate knowledge of the evidence they have uncovered and clearly distinguish between fact and conjecture. 3.4 The practitioner should be able to back the condition with words like ‘‘I know, because I saw, because I checked, because I verified, etc’’. 4. Criterion 4.1 The practitioner should be in a position to convince the client and other readers of the report that the criterion used is appropriate and valid. If the wrong criterion is applied or if the right criterion is misinterpreted, the comparison will be defective. 4.2 Examples of criteria may include: 235 ASSURANCE 4.3 4.2.1 Applicable government laws and regulations (e.g. Communications Act, Employment Act, License Regulations, etc). 4.2.2 Generally Accepted Accounting Principles/International Accounting Standards; 4.2.3 Policies and procedures, contractual agreements, company objectives, etc In other cases, the criterion to use may be “prudent management practice” or “good industry practice”, the definition of which must come from the practitioner’s professional knowledge and experience. The practitioner must be certain that their idea of sound business practice is more than personal preference or what they are used to. 5. Risk / Implication 5.1 Risk/Implication identifies the real or potential impact of the condition and answers the question. 5.2 Including the risk adds the sense of seriousness to the finding and the sense of urgency to the corrective action recommended. 5.3 In determining the risk of a condition, the first question to ask is “who has been or may get hurt”? If the answer is “no-one”, then the condition (finding) should be left in the working papers. If the answer is “customers, shareholders, management, employees, or others”, the practitioner should determine who and if possible, to what extent. 5.4 If the effect will thwart the objectives of the reviewed unit or function, or an organization as a whole, or result in penalties/legal action, that condition should also be considered significant. 5.5 Useful measures of effect such as efficiency, economy, risk and exposure may make a greater impact if reported in quantitative terms e.g. kwacha, volume of transactions, etc. 5.6 Though the effect of one condition may be insignificant, but combined with other similar conditions may be symptomatic of a significant problem and worthy of reporting. 6. Cause 6.1 The practitioner shall determine and document the cause of the condition. 6.2 Errors and violations disclosed during the review should certainly be corrected but unless the client addresses and corrects the underlying problem (the cause), errors and violations will continue. 6.3 The practitioner shall look out for several minor findings with the same cause which if uncorrected could result in a major problem. This may reveal a problem before it becomes a problem. 7. Recommendation 7.1 The practitioner should be able to recommend specific actions to correct the underlying problem as well as the errors and deficiencies disclosed. 7.2 If it is impractical to recommend specific corrective action, the practitioner shall make a more general recommendation. 7.3 The practitioner shall ensure that the relationship between the cause/risk of the condition and the recommendation is clear and logical. 236 ASSURANCE Chapter Summary A client’s internal control is a process designed to provide reasonable, but not absolute assurance that the following entity objectives will be achieved: reliable financial reporting, effective and efficient operations, compliance with laws and regulations. A client’s internal control consists of five interrelated components: control environment, risk assessment, control activities, information & communication and monitoring. The practitioners must understand the accounting system and control environment in order to determine their audit approach. The practitioners shall assess the adequacy of the systems as a basis for the financial statements and shall identify risks of material misstatements to provide a basis for designing and performing further audit procedures. The practitioners must keep a record of the client's systems which must be updated each year. This can be done through the use of narrative notes, flowcharts, questionnaires or checklists. If the practitioners believe the system of controls is strong, they may choose to test controls to assess whether they can rely on the controls having operated effectively and reduce the amount of substantive testing End of chapter questions 1. What is the control environment? 2. What is meant by risk assessment? 3. What control activities are applicable to a financial statement audit? 4. What knowledge about the “information and communication” should a practitioner obtain? 5. What is meant by monitoring? 6. Is there a relationship between internal control objectives and components? 7. What are the potential benefits of IT to internal control? 8. What risks does IT pose to internal control? 9. What are the procedures used to obtain an understanding of internal control? 10. What are tests of controls? 237 ASSURANCE CHAPTER 13: ENVIRONMENTAL AUDIT Topic List 1. Introduction; 2. Business activities and the environment; 3. Environmental auditing; 4. History of environmental auditing; 5. Environmental auditing and environmental impact assessment (EIA); 6. Different types of audit; 7. Why carry out an environmental audit; 8. Benefits and costs of environmental auditing; 9. Role of an environmental audit within an environmental management system; 10. External social and environmental reporting; 11. Environmental audit methodology; 12. Full cost accounting; 13. Chapter summary; and 14. End of chapter questions. Learning Outcomes By the end of this chapter, you should be able to: Recognise the effects of business activities on the environment and vice versa Define environmental audit and know its origin; Describe and assess the social and environmental effects that economic activity can have (in terms of social and environmental ‘footprints' and environmental reporting); Identify the benefits an organisation would gain from carrying out an environmental audit; Outline the role of an environmental audit within an organisation’s environmental management system (EMS); Explain and assess the concept of 'full cost' accounting; Describe the main features of internal management systems underpinning environmental management accounting such as EMAS and ISO 14000; 238 ASSURANCE 13.1 Explain and assess the typical contents of a social and environmental report, and discuss the usefulness of this information to stakeholders; Explain the nature of social and environmental audit and evaluate the contribution it can make to the development of environmental accounting. Introduction This chapter introduces environmental auditing. Concepts on which environmental auditing is based are covered first. These include the relationship between organisations and the environment within which they operate, and the problems this can cause; public awareness; and sustainable development. Definition of environmental auditing is presented together with the key words associated with the subject. A brief history of environmental auditing is also provided. The last part of the chapter looks at the main reasons why organisations undertake environmental audits. Each of the reasons is discussed in turn, and the objectives and benefits of environmental auditing are analysed. The unit also introduces the concept of environmental management systems (EMSs) and how auditing fits within them. 1 Business activities and the environment Business activities are carried out within an environment. These activities affect the environment. The relationship between business organisations and the environment within which they operate can help us to understand the development of the concept of environmental auditing. This relationship exists at the macro-level and micro-level. Macrolevel is in terms of global developments in issues of environmental thinking and micro-level is at the local level. The relationship between organisations and the environment is bi-directional (or two-way). This means that business activities affect the environment and environment affects business activities. Organisations affect the environment in many ways. There are direct effects, for example accidental spillage of oil from the refinery may cause pollution of a watercourse; local air quality may decrease due to emissions released from the oil refinery’s stack and water and energy consumption. There are indirect effects as well, for example the environmental impact of the finished product − petrol or plastics; traffic generated by employees of the oil refinery may contribute to pollution on local roads, waste produced after the end of the product’s life and environmental taxes such as the Landfill Tax and the Climate Change Levy in the United Kingdom (UK) which have an impact on the cost structure of companies. Even though they 239 ASSURANCE are not direct environmental effects, they are environment-related economic effects designed to reduce the environmental impact of an organisation. The environment affects organisations in many ways, such as climatic changes and its relationship to fossil fuel use and laws aimed at protecting the environment (for example those governing air pollution) may place constraints upon an industry and require capital outlay for new equipment. Historically, environmental problems have often been created or aggravated by business and industry. Pollution of rivers and watercourses by sewage generated within urban areas has long been a problem, and growth in chlorofluorocarbon (CFC) pollution, the presence of dioxins in the food chain, and the burden of hazardous wastes are all evidence of the rapid rate at which industry has developed and the manner in which this has happened. The world’s first national public pollution control agency, the Alkali Inspectorate, was established in Britain in 1863 to control atmospheric emissions, primarily from the caustic soda industry. Most countries in the world now have substantial (and ever-increasing) amounts of environmental legislation, which aim to control the effects of organisations on the environment. At the European level, there is also the European Environment Agency (EEA), which aims to improve the quality of the environment in Europe through supporting national policies and monitoring and reporting on harmonised standards and regulations EU-wide. The United Nations Environment Programme (UNEP) and its various programmes, especially the Industry and Environment Programme in Paris, perform a similar, but global, role. 1.1 Impact on environment of economic activities Impact of economic activities on environment is in the form of environmental footprint and social footprint. Environmental footprint is the impact that a business's activities have upon the environment including its resource environment and pollution emissions. It concerns the environmental consequences of a business’s inputs and outputs. At an individual firm or business level environmental impact can be measured in terms of environmental costs in various areas. Much business activity takes place at some cost to the environment. A 1998 IFAC report identified several examples of impacts on the environment: Depletion of natural resources Noise and aesthetic impacts Residual air and water emissions Long-term waste disposal (exacerbated by excessive product packaging) Uncompensated health effects Change in the local quality of life (through for example the impact of tourism) With some of these impacts however, a business may be contributing negatively to the environment, but positively in other ways. An increase in tourism will provide jobs and other economic benefits to the community, but could lead to adverse effects on the environment as the roads become more crowded or because of infrastructure improvements. 1.2. Direct and indirect impacts Measures of impact can apply directly and narrowly to the organisation, or they can be applied more broadly to the indirect, associated impacts that it has. For a manufacturer, 240 ASSURANCE indirect measures could report on the forward and backward supply chains which it uses from sourcing its raw materials to bringing its products to market. A bank could include the environmental consequences of the activities it finances through its business loans. Reporting of indirect measures is however rare, as the other parties are primarily responsible for reporting the direct impacts that they have. Clearly also it would be particularly difficult for a bank to track the impacts of all of its business borrowers. 1.3 Impact on organisation of environmental costs In addition the IFAC report listed a large number of costs that the business might suffer internally: Direct or indirect environmental costs Waste management Remediation costs or expenses Compliance costs Permit fees Environmental training Environmentally driven research and development Environmentally related maintenance Legal costs and fines Environmental assurance bonds Environmental certification and labelling Natural resource inputs Record keeping and reporting Contingent or intangible environmental costs Uncertain future remediation or compensation costs Risk posed by future regulatory changes Product quality Employee health and safety Environmental knowledge assets Sustainability of raw material inputs Risk of impaired assets Public/customer perception 1.4 Social impacts of activities The Centre for Sustainable Organizations defines social footprint as the impact of an organisation on human, social and constructed capitals. Partly because of the publicity generated by reports like the recent WWF report, there is now significant focus on the environmental impact of business's activities. However corporate social responsibility does not start and end with the environment. Organisations need to consider other aspects of corporate social responsibilities. The definition of social footprint formulated by the Centre for Sustainable Organizations is measured in terms of impacts that arise from organisational activities. ‘Sustainability entails the maintenance and/or production of vital capitals as required ensuring human (and nonhuman) well-being.’ 241 ASSURANCE The definition concentrates on anthro capital which is created by people and can be produced at will – more can always be created. It is thus different from natural capital which humanity cannot reproduce. The focus is on providing enough resources to maintain levels of social capital. The Centre provides more details about the categories of capital given in the definition. The different types of capital are all used to take effective action and ensure their own well-being. Human: Personal health, knowledge, skills, experience, human rights, ethical entitlements. Relied on by individuals. Social: Social networks and mutually-held knowledge. Relied on by collectives Constructed: Material things such as tools, technologies, roads, utilities and infrastructures Again business strategies may have positive and negative consequences for social sustainability. A business that outsources production to a low-cost economy abroad may create new jobs and provide training and development opportunities for the employees in that country. However it may also be accused of exploiting those employees by paying them an insufficient wage. Also the jobs that may be lost in the business’s home country will have adverse social consequences such as increased unemployment and the need for benefits to support the unemployed. 2 Environmental auditing Environmental auditing is essentially an environmental management tool for measuring the effects of certain activities on the environment against set criteria or standards. Depending on the types of standards and the focus of the audit, there are different types of environmental audit. Organisations of all kinds now recognise the importance of environmental matters and accept that their environmental performance will be scrutinised by a wide range of interested parties. Environmental auditing is used to investigate, understand and identify the effects of business activities on the environment. When the effects are investigated, understood and identified the drive is to help improve existing human activities, with the aim of reducing the adverse effects of these activities on the environment. An environmental auditor will study an organisation’s environmental effects in a systematic and documented manner and will produce an environmental audit report. There are many reasons for undertaking an environmental audit, which include issues such as environmental legislation and pressure from customers. 2.1 Definitions and concepts Auditing, in general, is a methodical examination – involving analyses, tests, and confirmations – of procedures and practices whose goal is to verify whether they comply with legal requirements, internal policies and accepted practices. The International Chamber of Commerce (ICC) in 1989 defined environmental auditing as: management tool comprising systematic, documented, periodic and objective evaluation of how well environmental organisation, management and equipment are performing with the 242 ASSURANCE aim of helping to safeguard the environment by facilitating management control of practices and assessing compliance with company policies, which would include regulatory requirements and standards applicable. There are other definitions available, although the above definition is still seen as the industry standard. The key concepts, which occur in all the definitions, are as follows. Verification Audits: evaluate compliance to regulations or other set criteria. Systematic Audits: are carried out in a planned and methodical manner. Periodic Audits: are conducted to an established schedule. Objective: information gained from the audit is reported free of opinions. Documented: notes are taken during the audit and the findings recorded. Management tool: audits can be integrated into the management system (such as a quality management system or environmental management system). 3 History of environmental auditing Environmental auditing began in the USA in the early 1970s, when a handful of industrial companies, working independently and on their own initiatives, developed environmental auditing programmes as internal management tools to help review and evaluate the status of the company's operating units. It enabled managers to check compliance with local environmental laws and regulations national environmental laws and regulations corporate policies It was also regarded as an activity useful for avoiding prosecution or civil law suits under the increasing pressures from environmental legislation. The USA Securities and Exchange Commission (SEC) also played a role in the development of auditing, as they had reason to believe that certain trading companies had a high exposure to financial loss as a result of poor environmental performance. The SEC requested that environmental details should be presented in the end-of-year report and accounts along with financial information in order truly to represent the financial stability of those companies, such as US Steel, Occidental Petroleum and Allied Chemicals. In October 1979, the US Environmental Protection Agency (EPA) issued a draft report calling for independent, certified third-party 'auditors' who would visit plants, collect samples, perform analyses, and report results back to government authorities. This governmental auditing concept received considerable attention (and opposition) within industry, and never made it beyond the draft report stage. 243 ASSURANCE In the rest of the world, the evolution of environmental auditing was largely due to the influence of USA subsidiary companies operating abroad. In Europe, environmental auditing began in the chemical and petrochemical industries, largely as a reflection of the intrinsic environmental hazards of these businesses, but also as a result of their involvement with American operations. Environmental auditing only became widely accepted by industry in the late 1980s as a common management tool in developed countries, and is increasingly being applied in developing countries by both foreign and local industry. As businesses have realised the value of paying attention to environmental issues, the concept of environmental auditing itself has evolved to address wider issues than simply legal and regulatory compliance. The widening use of environmental audits reflects the broadening attitudes of organisations towards environmental issues in general, and the increasing pressures from investors, insurers, consumers, and other interested parties. Environmental auditing is therefore playing an increasingly common role in the management of organisations worldwide and, in some countries, governments have made (or are considering making) the practice a legal requirement. 4 Environmental auditing and environmental impact assessment (EIA) Environmental auditing should not be confused with Environmental Impact Assessment (EIA). Both environmental auditing and EIA are environmental management tools, and both share some terminology, for example, “impact”, “effect”, and “significant”, but there are some important differences between the two. Environmental impact assessment is an anticipatory tool, that is, it takes place before an action is carried out. EIA therefore attempts to predict the impact on the environment of a future action, and to provide this information to those who make the decision on whether the project should be authorised. EIA is also a legally mandated tool for many projects in most countries. Environmental auditing is carried out when a development is already in place, and is used to check on existing practices, assessing the environmental effects of current activities. Environmental auditing therefore provides a “snap-shot” of looking at what is happening at that point in time in an organisation. The International Organization for Standardization (ISO) has produced a series of standards in the field of environmental auditing. These standards are basically intended to guide organisations and auditors on the general principles common to the execution of environmental audits. These are addressed elsewhere in this module. 4.1 Elements of environmental audit Objective: Verify performance against these standards (e.g. company checks that it really has reduced emission to 10 tonnes/year). Coverage of environmental issues: Only issues for which standards exist (e.g. regulatory requirements, internal company standards, or good management practice). 244 ASSURANCE Frequency: Regularly and on a pre-planned cyclical basis. Geographic: Usually well-defined geographic boundaries, (e.g. limited to site, distribution companies or local planning authority). 4.2 Financial audits and environmental audits In addition, the term “audit”, coming from the financial sector, may suggest that financial audits (whose result typically is the Annual Report) and environmental audits are very similar. Some areas where they differ are highlighted in the table in 10.1 below. Financial audits Environmental audits Legal basis of audit Part of regulatory (legal) process, With few exceptions, environmental organisations have to perform it audits are voluntary affairs. Even the preparatory environmental review which is mandatory under ISO 14001 is voluntary as the standard is voluntary Performed annually Whenever the organisation decides Frequency to perform one Performed by external staff, certified Performed by external and/or Who does it to do so internal staff. Professional indemnity considerations, there are no legal requirements of auditors to be competent or trained, although professional bodies in many countries try to stop this Financial audits are based on Varies very much between auditors Methodology comparative standards which are and companies publicly available � �eneral Principles of Accounting etc. The results are public documents in Very few audits are public, although Access to the form of annual reports some results are often published in audit the Environmental Reports Auditors are partially liable for their With few exceptions that are Liability reports. They have to provide a negotiated between auditor and “true and fair” view of the financial auditee, there is no external liability statements implication in environmental audits 10.1: Distinctions between financial audits and environmental audits 5 Different types of audit The reasons for undertaking an environmental audit are many and varied. Some audits are carried out for an entire industry or company, while others are for a specific site. Some audits will endeavour to investigate all aspects of environmental performance, while others are narrowly defined. An environmental audit is essentially a process, and the way in which this process is facilitated will depend on what the organisation wishes to achieve from that audit, hence this requires the use of different types of audit. 245 ASSURANCE There are different terms that are used to describe the different names that represent various uses of environmental auditing. There are lots of different ways of defining these different types of audits and often different terms are used for the same sort of audit. Other terms used include: health and safety audit, minimisation audit (a form of issues audit, site audit), due diligence audit (a form of liability audit), activity or operational audit (e.g. across company departments or units, such as waste and energy management). The following terms must be noted. Compliance (or legislative) audit: A compliance (or legislative) audit aims to determine the degree of company compliance with current or prospective legislation or standards, including, for example, discharge consents. A liability (or transactional) audit: This is usually conducted prior to buying or selling a facility/land in order to identify potential liabilities, both financial and legal. Minimisation audit: This generally concentrates on a single issue, for example, waste or water, and seeks to identify ways to reduce the amount of waste produced, or water consumed. This may be the same as an issue audit which concentrates on a topic that has been identified as requiring further investigation, for example, packaging. Policy compliance audits: These are internal management tools used to determine the depth of compliance with company policy (internal standards in the list above). They should also act as a means of establishing future strategy. These audits have a similarity with legislative audits, in that, in both cases, compliance is being determined: in one case it is compliance with legal requirements, in the other, compliance with company environmental policies. Environmental management systems audits: These audits provide the means by which the effective operation of the system can be checked, and remedial action taken if necessary. 6 Why carry out an environmental audit Some environmental auditing programmes have been motivated by the occurrence of an environmental problem or incident, that is, a reactive response; others have been established in response to a desire to anticipate and head off potential problems, that is, the organisation takes a proactive stance. The incentives for environmental auditing, and the objectives an organisation will have in undertaking such an audit, have diversified since the early days of environmental auditing. This diversification reflects the increasing awareness of environmental issues, which is present in society as a whole, and the realisation by organisations of the need to integrate these issues into all aspects of their activities. There are a number of reasons why an organisation may wish to undertake environmental audits and these include the following: 6.1 Pressures from environmental legislation The early response of organisations to environmental issues was largely reactive, with the majority merely complying with, and not attempting to exceed, the requirements of regulations. Apparently the amount of environmental legislation in many countries worldwide has increased, and controls are likely to continue to be tightened in the future, companies do not only have to meet existing legislative requirements, but to look ahead and anticipate future developments. In addition, legislation is increasingly phrased so that there is 246 ASSURANCE the responsibility of organisations continuously to review and monitor their production processes and technology on environmental grounds. Companies can gain advantages if environmental legislation is anticipated. Companies that plan ahead and make provision for increasingly stringent environmental legislation can avoid unexpected costs in the future. Keeping legislative developments in mind when purchasing new equipment or planning new processes or products helps to ensure that organisations are not caught out. 6.2 Environmental liabilities and insurance costs Organisations naturally look for insurance to protect themselves against potential liabilities, including environmental liabilities. Organisations pay a premium to insure themselves against the potential costs of environmental damage arising from their operations, for example, the costs of remediation from pollution incidents such as oil spills. Insurers are in the business of assessing risks and, as the potential size and scope of environmental risks have been recognised by insurers, it has become increasingly difficult to obtain worthwhile insurance cover at an acceptable cost. 6.3 Investment decisions to buy facilities Major companies are becoming aware of the massive potential risks involved in acquiring land, which has already been contaminated, or acquiring a business that has a poor environmental performance. Costs associated with ground remediation, that is, rectifying any damage which may have been caused by pollution, and the capital cost of potential compensation claims for past mistakes can easily outweigh any financial advantage of an acquisition. In most other countries, it is increasingly standard practice, therefore, for purchasers to commission a pre-acquisition environmental study or to want to examine the reports from an organisation’s environmental audits. 6.4 Detailed investigation of specific issues Environmental audits should naturally identify areas of weakness; in fact, they are designed and implemented specifically to achieve this objective. An initial review of an organisation or site may reveal particular issues that require further investigation, and the organisation may then decide to undertake an audit with the specific objectives of concentrating on a particular topic, such as waste, energy, water use or packaging. An “issues” audit, focusing on the particular area of concern, can help to ensure that the organisation’s operations in this area are as efficient as possible. 6.5 Corporate image and marketing opportunities Many organisations have realised that there is real value in presenting a responsible stance towards the environment. Increasing public awareness of environmental issues and resulting consumer pressure means that companies which present an “environmentally friendly” image may be able to obtain a market advantage. 6.6 Environmental concern Environmental management is often about learning what the environmental implications are and finding ways in which these can be evaluated, documented, and subsequently eliminated. Many employees feel uneasy about their polluting behaviour at work, which may be in stark contrast to the environmental priorities of the same people outside work. Given that the environment has risen to such a prominent place in public concern, and has managed to stay 247 ASSURANCE there for several decades, many companies ask themselves whether their way of operating is in line with the strong environmental concern by the public (and the market). 6.7 Learning from past accidents A number of companies have caused environmental incidents that have triggered the stepchange towards greater environmental management. For many German companies this was the killing of the Black Forest due to acid rain and Chernobyl nuclear disaster, for BP the Deepwater Horizon oil spill in the Gulf of Mexico in 2010, among many others. Also, at a much smaller scale, having been fined for environmental misdemeanours or facing the prospect of liability is, in many cases, the starting point for a more preventive environmental programme. That company directors in the UK can be put into prison for breaches of some parts of environmental law is also an incentive for managers to consider environmental issues more coherently. In addition, the immediate threat is normally not triggering an environmental audit, but an environmental programme as the type of environmental misbehaviour is then quite obvious, which is often followed up by an audit to verify progress. 7 Benefits and costs of environmental auditing 7.1 Benefits 7.1.1 Increased management effectiveness To manage an organisation effectively, management must be aware of every aspect of the organisation’s operational procedures and processes. An environmental audit should reveal any weaknesses in the structures and, when these are rectified, the management can be confident that nothing has been overlooked and nothing unexpected is likely to occur. 7.1.2 Cost savings An environmental audit should identify opportunities for improvements in an organisation’s management, and this will often lead to savings in spending. This is particularly common in the case of “issues” audits, such as the water or waste audit. Reducing the amount of waste produced can therefore lead to savings, as the organisation has to dispose of a smaller quantity. An obvious way of minimising the amount of waste generated is to minimise inputs. Adopting a more efficient process could mean that fewer raw materials are required, and that the overall cost of raw materials is therefore reduced. Reductions in the amount of water required can also lead to savings, as organisations are almost always charged for their water usage. 7.1.3 Other areas Other areas where savings can be made include the possibility of reduced insurance premiums for good environmental performance referred to as environmental liabilities and insurance costs and reduced likelihood of unexpected pollution events, therefore less chance of incurring costly regulatory fines. 7.1.4 Less tangible benefits The benefits of environmental auditing so far described are largely financial, and can be measured directly. A range of less tangible benefits can also be identified, including: Increased awareness of environmental policies and responsibilities among the whole workforce Increased management confidence due to a feeling of security that the compliance (and safety) status of the plant is confirmed and documented 248 ASSURANCE Favourable publicity Improved relationship with regulatory authorities Better understanding of consumer demands 7.2 Disadvantages or costs of an environmental audit The disadvantages associated with carrying out an environmental audit include: Disruption of plant activity while the audit is carried out The cost of the exercise The possible perception by staff in the organisation that an audit is a negative process, which assesses their performance Most of these can be minimised or overcome by careful forward planning to ensure that the audit runs smoothly. Adopting an informal and approachable stance and pointing out the positive aspects of undertaking an audit can dispel any fears or misconceptions held by the staff. The cost of the audit can often be recovered by savings made through improvements identified in the audit and a number of auditing firms peg their fees to the savings made subsequently, or may operate on a “no gain, small fee” basis. 8 Role of an environmental audit within an environmental management system Environmental audits investigate the current environmental performance of an organisation. Audits therefore provide information on the activities at that moment in time. However it is important to note that, environmental auditing on its own cannot provide management with the assurance that environmental practices and performance not only have met, but will also continue to meet, legislative requirements and sound corporate policy commitments and expectations. One role of an environmental audit is to identify areas for improvement, but an audit does not, in itself, provide the means to implement changes. In order to do this, an environmental audit should be set in the framework of an environmental management system. An environmental management system (EMS) provides a mechanism for systematically managing the environmental effects of an organisation. EMSs provide a framework to: Identify significant environmental effects Document regulatory requirements Set objectives and targets for future environmental performance Implement procedures and measures for achieving the objectives and targets Undertake audits to assess environmental performance and the effectiveness of measures to achieve the defined objectives and targets 8.1 Frameworks The frameworks that have been developed to address environmental audit include Global Reporting Initiative, Integrated Reporting and Environmental Management Systems. 8.1.1 The Global Reporting Initiative (GRI) Companies can adopt whatever approach they choose when reporting voluntarily on environmental impacts. However, two developments designed to provide guidance on supplying more social and environmental information are the Global Reporting Initiative and the development of full cost accounting. 249 ASSURANCE The Global Reporting Initiative, as its name suggests, is a reporting framework and arose from the need to address the failure of the current governance structures to respond to changes in the global economy. The GRI aims to develop transparency, accountability, reporting and sustainable development. Its vision is that reporting on economic, environmental and social importance should become as routine and comparable as financial reporting. 8.1.1.1 GRI Guidelines The GRI published revised guidelines in 2006. The main section of the Guidelines (Report contents) sets out the framework of a sustainability report. It consists of five sections. (a) Strategy and analysis Description of the reporting organisation's strategy with regard to sustainability, including a statement from the CEO must be made. In addition, there should be a description of key impacts, risks and opportunities. This section should focus firstly on key impacts on sustainability and associated challenges and opportunities, and how the organisation has addressed the challenges and opportunities. It should secondly focus on the impact of sustainability risks, trends and opportunities on the long-term prospects and financial performance of the organisation. (b) Organisational profile Overview of the reporting organisation's structure, operations, and markets served and scale. (c) Report parameters. Details of the time and content of the report, including the process for defining the report content and identifying the stakeholders that the organisation expects to use the report. Details should also be given of the policy and current practice for seeking external assurance for the report. (d) Governance, commitments and engagement structure and management systems This describes governance structure and practice, and statements of mission and codes of conduct relevant to economic, environmental and social performance. The report should give a description of charters, principles or initiatives to which the organisation subscribes or which the organisation endorses. (e) Performance indicators Measures of the impact or effect of the reporting organisation divided into integrated indicators. 8.1.1.2 Indicators in the GRI framework GRI structures performance indicators according to a hierarchy of category and aspect. Environmental Materials Water 250 ASSURANCE Biodiversity Emissions, effluents, and waste Products and services Compliance Transport Overall Human rights Investment and procurement practices Non-discrimination Freedom of association and collective bargaining Child labour Forced and compulsory labour Security practices Indigenous rights Scale of assessment Remediation of grievances Labour practices and decent work employment Labour/management relations Occupational health and safety Training and education Diversity and equal opportunity Equal remuneration for women and men Society Local community Corruption Role in public policy Anti-competitive behaviour Compliance Product responsibility Customer health and safety Products and service labelling Marketing communications Customer privacy Compliance Economic Economic performance Market presence Indirect economic impacts 8.1.2 Integrated reporting The King report of 2009 required South African companies to integrate reporting on sustainability issues with reporting on financial results and operations. The report stressed the need to demonstrate positive and negative impacts, and the need to report on goals and strategies as well as economic, social and environmental issues. 251 ASSURANCE In September 2011 the International Integrated Reporting Council launched a discussion document Towards Integrated Reporting – Communicating Value in the 21st Century. The aim of integrated reporting that the document promoted was to demonstrate the linkage between strategy, governance and financial performance and the social, environmental and economic context within which the business operates. By making these connections, businesses should be able to take more sustainable decisions, helping to ensure the effective allocation of scarce resources. Investors and other stakeholders should better understand how an organisation is really performing. In particular they should make a meaningful assessment of the long-term viability of the organisation’s business model and its strategy. Integrated reporting should also achieve the simplification of accounts, with excessive detail being removed and critical information being highlighted. 8.1.2.1 Capitals Integrated reporting is designed to make visible the capitals (resources and relationships) on which the organisation depends, how the organisation uses those capitals and its impact upon them. (a) Financial Funds available for use in production obtained through financing or generated through operations (b) Manufactured Manufactured physical objects used in production or service provision like buildings, equipment and infrastructure (c) Human Skills, experience and motivation to innovate which includes Alignment and support for organisation’s governance framework and ethical values Ability to understand and implement organisation’s strategies Loyalties and motivations for improvements (d) Intellectual Intangibles providing competitive advantage: Patents, copyrights, software and organisation systems Brand and reputation (e) Natural Input to goods and services and what activities impact: Water, land, minerals and forests Biodiversity and eco-system health (f) Social Institutions and relationships within each community stakeholder group and network to enhance well-being: Common values and behaviours 252 ASSURANCE Key relationships Social licence to operate 8.1.2.2 Guiding principles A number of guiding principles underpin the content and presentation of an integrated report: (a) Strategic objectives Emphasis is on strategic objectives, strategies and how they relate to other components in business model. Report also how organisation uses resources and relationships (b) Connectivity of information Links between different components of business model, external factors and resources and relationships upon which organisation depends. Examples include how changes in market environment influence strategy and how strategies link to key performance and risk indicators and remuneration (c) Future orientation Management expectations about the future are clarified to enable organisation’s users assess prospects. Information should include balancing of short- and long-term interests, where organisation will go and how it will get there, and critical enablers, challenges and barriers. (d) Responsiveness and stakeholder inclusiveness Insight into organisation’s relationships with stakeholders and how organisation takes account of and responds to their needs (e) Conciseness, reliability and materiality Provision of important and reliable information with less significant information being disclosed elsewhere 8.1.2.3 Content elements The content elements follow on from the guiding principles: Organisational overview and business model Operating context, including risks and opportunities, resources and relationships Strategic objectives and strategies including risk management, and also the extent to which sustainability considerations are embedded into strategy to provide clear advantage Governance and remuneration Performance against strategic objectives, impacts on resources and relationships and external factors impacting on performance Future outlook, including how well organisation is equipped to respond to future environment, repercussions of future plans, actions required and uncertainties 8.1.2.4 Benefits of integrated reporting The report identifies a number of potential benefits of integrated reporting: (a) Stakeholder needs The information will be more in line with investor and other, stakeholder requirements, leading to a higher level of trust from, and engagement with, stakeholders. Investors will have better information to assess ability to generate cash flows and risk opportunities. The 253 ASSURANCE connections made in reporting will enable investors to assess better the combined impact of the diverse factors affecting the business. This should result in better investment decisions and more effective capital allocation. (b) Decision-making Having the information will enable better resource allocation decisions, enhanced risk management and better identification of opportunities. (c) Reputation Greater transparency should result in a decrease in reputation risk and lower cost of, and better access to, capital. (d) Harmonisation Integrated reporting provides a platform for standard-setters and decision-makers to harmonise reporting. (e) Stewardship Because of its emphasis on resources and relationships and a longer timeframe, organisations are better placed to act, and be more accountable, as stewards of common resources. (f) Stakeholder relationships The emphasis on stakeholder engagement should lead to greater consultation with stakeholder groups and dealing with their concerns. 8.1.2.5 Challenges to integrated reporting The guidance also identifies a number of challenges to the development of integrated reporting. (a) Local regulation Regulations that vary between jurisdictions currently affect components of integrated reporting and progress towards integrated reporting will happen at different speeds in different countries. (b) Directors’ duties Directors’ duties also vary between jurisdictions. Integrated reporting will be influenced by the users of accounts whom the directors are required to address. (c) Directors’ liability Concerns about liability will need to be addressed, as directors will be reporting on the future and on evolving issues. (d) Confidentiality Organisations will need to balance the benefits of integrated reporting with the desire to avoid disclosing competitive information. (e) Incentives Integrated reporting would assist in overcoming the focus on short-term rewards. 254 ASSURANCE 8.1.3 Environmental management systems The European Union's Eco-Management and Audit Scheme (EMAS) was adopted in 1993 as a voluntary scheme. Its emphasis is on targets and improvements, on-site inspections and requirements for disclosure and verification. The insistence on targets means that organisations that subscribe to it cannot just rely on monitoring. They have to improve their environmental performance. The disclosure and verification requirements are seen as essential, as companies need to know that their performance will be subject to public scrutiny based on data that has been reliably audited, to become 'good little goldfish'. Disclosure means that companies have to address the very real difficulties and conflicts of interest that arise in weighing the need to maximise profits against the need to comply with disclosure requirements. However many businesses were opposed to the requirement of EMAS and lobbying meant that compliance was introduced as voluntary rather than compulsory as was originally intended. EMAS's adoption has been rather more extensive in Germany than elsewhere in the European Union. However many companies that felt that the requirements of EMAS were excessive had eventually to respond to pressures regarding their environmental performance and adopt a recognised standard (ISO 14000). 8.1.3.1 Requirements for EMAS registration An environmental policy containing commitments to comply with legislation and achieve continuous environmental performance improvement An on-site environmental review An environmental management system that is based on the environmental review and the company's environmental policy Environmental audits at sites at least every three years Audit results to form the basis of setting environmental objectives and the revision of the environmental policy to achieve those objectives A public environmental statement validated by accredited environmental verifiers containing detailed disclosures about policy, management systems and performance in areas such as pollution, waste, raw material usage, energy, water and noise 8.1.3.2 ISO 14000 ISO 14000 was first published in 1996 and based on earlier quality management standards. It provides a general framework on which a number of specific standards have been based (the ISO family of standards). ISO 14001 prescribes that an environmental management system must comprise: An environmental policy statement An assessment of environmental aspects and legal and voluntary obligations A management system Internal audits and reports to senior management A public declaration that ISO 14001 is being complied with Critics of ISO 14000 claim that its emphasis on management systems rather than performance is misplaced, and that it is much less effective because it does not include EMAS's rigorous verification and disclosure requirements. 255 ASSURANCE 8.1.3.3 Environmental policy statement The policy statement should be the basis for future action. It needs therefore to be based on reliable data, and allow for the development of specific targets. Organisations may wish to develop their own in-house policy statement or adopt one of the public charters such as the CERES principles or the ICC's Charter for Sustained Development. An in-house charter can be tailored to the organisation's needs and be compatible with the mission statement in other areas. However it may be viewed by outsiders as too general and bland, and also may not be internationally comparable. Adopting internationally recognised standards means adherence to standards that have been determined objectively, and assisting stakeholders by enabling comparison with other organisations that have adopted the same standards. 8.1.3.4 Management roles Whatever the standards adopted, they must be promoted by a member of the senior management team for the standards to be effective, and the audit committee is likely to be involved in monitoring and reporting on environmental compliance. Depending on the size of the organisation and its impact on the external environment, an environmental manager or an environmental management department may be employed. 8.1.3.5 Assessment of environmental aspects and obligations Many companies have been forced to act on environmental issues because of shocks such as environmental disasters or attention from pressure groups. To reduce the chances of these happening, organisations must not only monitor their internal performance, but also include within their monitoring of the external situation assessment of the impact of environmental issues. It will be particularly important to monitor: Emerging environmental issues Likely changes in legislation Changes in industry best practice Attitudes of suppliers, customers, media and the general public Activities of environmental enforcement agencies Activities of environmental pressure groups 8.1.3.6 Management systems In Accounting for the Environment Gray and Bebbington listed the functions that environmental management systems should cover. Environmental review and policy development: A first review of environmental impacts of materials, issues and products and of business issues arising, also the development of a tailored in-house policy or measures to ensure adherence to external standards Objectives and target development: As with all business objectives and targets, it is preferable that those set be unambiguous and achievable. Initiatives such as the WWF initiative described above encourage quantified targets within a specified time period e.g. reducing carbon dioxide emissions by a certain percentage within a specified time period 256 ASSURANCE Life-cycle assessment: This aims to identify all interactions between a product and its environment during its lifetime, including energy and material usage and environmental releases. (a) (b) (c) Raw materials used have to be traced back to the biosphere and the company recognise impact on habitat, gas balance, the energy used in the extraction and transportation and the energy used to produce the means of extraction For intermediate stages, emissions, discharges and co-products At the consumer purchase stage, the impact of manufacture and disposal of packaging, transport to shops and ultimately impacts of consumers using and disposing of the product Establishment and maintenance of environmental management systems: Key features of environmental management systems (as with other management systems) including information systems, budgeting, forecasting and management accounting systems, structure of responsibilities, establishment of an environmentally-friendly culture, considering impact on human resource issues such as education and performance appraisal Regulatory compliance: Making sure that current legal requirements are being fulfilled and keeping up-to-date with practical implications of likely changes in legislation Environmental impact assessment: A regular review of interactions with the environment, the degree of impact and an environmental SWOT analysis, also the impact of forthcoming major investments. Eco-label applications: Eco-labelling allows organisations to identify publicly products and services that meet the highest environmental standards. To be awarded an eco-label requires the product to be the result of a reliable quality management system Waste minimisation: Whether waste can be minimised (or better still eliminated), possibility of recycling or selling waste Pollution prevention programmes: Deciding what to target Research, development and investment in cleaner technologies: How to bring desirable features into product development, bearing in mind product development may take several years, and opinion and legal requirements may change during that period. Desirable features may include minimum resource usage, waste, emissions, packaging and transport, recycling, disassembly and longer product life Environmental performance and issues reporting: Consideration of the benefits and costs of reporting, how to report and what to include (policies, plans, financial data, activities undertaken, sustainability) 8.1.3.7 Advantages of environmental management systems Operating an environmental management system can have the following benefits. 257 ASSURANCE (a) Control of impacts Operating a system should result in a structured approach to controlling impacts and ensuring compliance with laws and regulations (b) Limiting costs and resource usage The system should ensure reduced costs in areas such as waste management and resource inputs, as resources are used more efficiently. (c) Reputation Commitment to a system should demonstrate to stakeholders the organisation’s commitment to environmental responsibility. It can result in reduced pressure from active stakeholders such as government, regulators or pressure groups. 9 External social and environmental reporting As well as developing a system of internal reporting on social and environmental issues, a business may also provide social and environmental data in its external reports. This can be seen as an aspect of a business being a corporate citizen that receives benefits from, and therefore owes duties back to, society. Accountability as a corporate citizen can partly be demonstrated by not just reporting items that can be easily measured and are required by laws, regulations or accounting standards. Large companies are finding pressures to report difficult to resist. 9.1 Media of reporting Environmental reporting is done in a number of different media including annual reports, standalone reports, company websites, advertising or promotional media. Recently larger companies in particular have produced a separate report on social and environmental issues, although many companies still include the information within their annual reports. Titles used for separate reports have included sustainability report, citizenship report, corporate responsibility report and environment, social and governance report. 9.2 Contents of environmental reports Reports generally include narrative and numerical information about environmental impact. Narrative information includes objectives, explanations and, reasons why targets have or have not been achieved. Reports can also address concerns of specific internal or external stakeholders. Useful numerical measures can include pollution amounts, resources consumed or land use. 9.3 Advantages of external social and environmental reporting (a) Transparency and accountability Social and environmental reporting can be seen as fulfilling the key governance principle of transparency, and the requirement of various governance codes for the board to provide a balanced and understandable assessment of the company's position. (b) Impact on internal control systems The need to specify the impact on the environment in external reports means that environmental reporting must be adequately integrated into internal control systems. 258 ASSURANCE Companies need to establish internal measurement systems that collect and process the data required to support environmental reports. (c) Addressing investor concerns about risk Investors and other stakeholders are becoming more interested in the level of environmental disclosures, seeing them as very important disclosures in the context of risk management and strategic decision-making. This can lead to investors seeing companies as lower risk, as more risks are known about and reported, and hence companies' cost of capital falling. (d) Improved reputation An increasing number of companies see voluntary environmental reporting as a means of demonstrating their commitment to good practice and hence enhancing their reputation for ethical and competent behaviour, leading to marketing opportunities as green companies. In particular companies that have a high environmental impact such as oil or gas companies often provide the most information about their impacts. (e) Damage limitation When a company is involved in a well-publicised incident or commits a serious environmental error, it can result in stakeholders having doubts about the legitimacy of its activities. This can mean that threats to its licence to operate arise or its relationships with society are damaged. Environmental reporting can be used to address these concerns by providing reassurance that the company has learnt lessons from its experiences. 10 Environmental audit methodology 10.1 Scope of the Audit As the prime objective of audits is to test the adequacy of existing management systems, they fulfil a fundamentally different role from the monitoring of environmental performance. Audits can address one topic, or a whole range of issues. The greater the scope of the audit, the greater will be the size of the audit team, the time spent onsite and the depth of investigation. In addition, the scope of an audit can vary from simple compliance testing to a more rigorous examination, depending on the perceived needs of the management. The technique is applied not only to operational environmental, health and safety management, but increasingly also to product safety and product quality management, and to areas such as loss prevention. If the intention of auditing is to help ensure that these broad areas are managed properly, then all of these individual topics must be reviewed. 10.2: Scope of environmental audit Although some companies have a regular (often annual) audit cycle, audits are primarily determined by need and priority. Thus not all facilities or aspects of a company will be assessed at the same frequency or to the same extent. 10.2 The Typical Audit Process 259 ASSURANCE An audit is usually conducted by a team of people who will assemble factual information prior to and during a site visit, analyse the facts and compare them with the criteria for the audit, draw conclusions and report their findings. These steps are usually conducted within some kind of formal structure (an audit protocol), such that the process can be repeated reliably at other facilities and quality can be maintained. To ensure that an audit is effective, a number of key steps must be included. 10.3 Basic Steps in Environmental Auditing 10.3.1 Criteria—what do you audit against? An essential step in establishing an audit programme is to decide the criteria against which the audit will be conducted and to ensure that management throughout the organization knows what these criteria are. Typically criteria used for audits are: Company policies and procedures on environmental matters Applicable legislation and regulations Good environmental management practice. 10.3.2 Pre-audit steps Pre-audit steps include the administrative issues associated with planning the audit, selecting the personnel for the audit team (often from different parts of the company or from a specialized unit), preparing the audit protocol used by the organization and obtaining background information about the facility. If auditing is new, the need for education of those involved in the audit process (the auditors or those being audited) should not be underestimated. This also applies to a multinational company extending an audit programme in its home country to subsidiaries abroad. In these situations, the time spent on explanation and education will pay dividends by ensuring that the audits are approached in a spirit of cooperation and are not seen as a threat by the local management. Obtaining background information about a site and its processes can help to minimize the time spent onsite by the audit team and to focus its activities, thus saving resources. The composition of the audit team will depend on the approach adopted by a particular organization. Where there is a lack of internal expertise, or where resources cannot be devoted to the audit activity, companies frequently use independent consultants to conduct the audits for them. Other companies employ a mix of in-house staff and external consultants on each team to ensure an “independent” view. Some large companies use only in-house staff for audits, and have environmental audit groups for this specific function. Many major companies have their own dedicated audit staff, but also include an independent consultant on many of the audits they carry out. 10.3.3 Onsite steps Understanding the internal controls. As a first step, it is necessary to develop an understanding of the controls that are in place or are thought to be in place. These will include assessing formal procedures and practices; record keeping and monitoring; 260 ASSURANCE inspection and maintenance programmes and physical controls for containing spills. The audit team gathers information on the various controls by observation, interviewing staff and the use of detailed questionnaires. Assessing strengths and weaknesses of internal controls. Evaluating the strengths and weaknesses of internal controls provides the rationale for conducting subsequent audit steps. Auditors will look for indicators such as clearly defined responsibilities, competence of personnel, appropriate documentation and records and systems of authorization. It is more important to determine whether the system is effective than whether it is sophisticated. Gathering audit evidence. The audit team attempts to verify that the steps and controls work as intended. Evidence may be collected through inquiry (e.g., asking a plant operator what he or she would do if there were a major chemical spill), observation (e.g., watching specific activities and operations in progress) and testing (checking records to confirm compliance with regulations). Recording audit findings. All the information obtained is recorded (usually on the audit protocol document and as working papers), and a comprehensive record of the audit and the state of the facility at the time is thus produced. Where a deficiency is found, it is noted as an audit “finding”. Evaluating the audit findings. The audit team integrates and evaluates the findings of the individual team members. There may also be common findings. For some observations, an informal discussion with the section manager may be sufficient; for others, inclusion in the formal report will be appropriate. Reporting the audit findings. This usually is done at a meeting with the plant management at the end of the team’s visit. Each finding and its significance can be discussed with the plant personnel. Prior to leaving the site, the audit team will often provide a written summary of findings for the plant management, to ensure that there are no surprises in the final report. 10.3.4 Post-audit steps Following the onsite work, the next step is to prepare a draft report, which is reviewed by the plant management to confirm its accuracy. It is then distributed to senior management according to the requirements of the company. The other key step is to develop an action plan to address the deficiencies. Some companies ask for recommendations for corrective action to be included in the formal audit report. The plant will then base its plan on implementing these recommendations. Other companies require the audit report to state the facts and the deficiencies, with no reference to how they should be corrected. It is then the responsibility of the plant management to devise the means of remedying the failings. Once an audit programme is in place, future audits will include past reports—and progress in the implementation of any recommendations made therein—as part of their evidence. 10.3.5 Extending the Audit Process—Other Types of Audit Although the most widespread use of environmental auditing is to assess the environmental performance of a company’s operations, there are variations on the theme. Other types of audit used in particular circumstances include the following: 261 ASSURANCE Pre-acquisition audits. Concern about potential liabilities has promoted the dramatic increase in environmental auditing prior to acquisition. Pre-acquisition audits are a means of identifying actual or potential problems, and taking these into account in the final negotiations of the deal. Time scales are often very short. However, the information obtained on past operations (perhaps before the present owner), current activities, past incidents and so on can be invaluable. Pre-sale audits. Less common than pre-acquisition audits, but becoming more popular, are audits conducted by the owner prior to selling a plant or a subsidiary company. The rationale is that the company will then know the status of environmental issues before the plant is sold, and can take action to remedy any problems if it feels that is appropriate. Equally important, it can present the results of an independent audit to a potential purchaser as confirmation of the situation. Should any environmental problems arise after the sale, a baseline has been established against which issues of liability can be decided. Issues audits. Some organizations apply the audit technique to a specific issue that may have implications for the whole company, such as waste. The UK-based oil multinational BP has carried out audits examining the impact of ozone depletion and the implications of public concern about tropical deforestation. 11 Full cost accounting Full Cost Accounting (FCA) is at its simplest a system that allows current accounting and economic numbers to incorporate all potential/actual costs and benefits into the equation including environmental (and perhaps social) externalities to get the prices right. As with sustainability, this is a fairly simple definition. Attempts to provide a more helpful definition have proved problematic, with the result that different commentators use the term in different ways. A key problem is that we are not yet sure what a full cost price looks like. Hence the emphasis is achieving increasingly fuller costs. 11.1 Elements of FCA The Bebbington et al report for ACCA quotes and amends the USEPA/Tellus approach to FCA. The approach is of achieving increasingly full costs by a number of tiers. Tier 0 Usual costs Tier 1 Hidden costs Tier 2 Liability costs Tier 3 Less tangible costs Tier 4 Environment focused costs Basic capital and revenue costs Costs usually included as overheads e.g. costs of management systems and safety Contingent liability costs e.g. fines Costs of poor environmental management e.g. loss of goodwill of customers and suppliers, reputation risk Costs that ensure that project has zero environmental effect 11.2 Advantages of FCA (a) Knowledge of full extent of environmental footprint As with sustainability reporting, this aids investors who are better able to assess the risks involved in the companies' activities. 262 ASSURANCE (b) Reducing environmental footprint A key aim of introducing FCA is to assess the significance of the organisation's environmental footprint and thus encourage reductions in per unit and absolute resource usage. (c) Assisting decision-making As well as making specific environmental decisions, FCA can inform decisionmaking by allowing comparisons between the externalities created by different investment options. The environmental costs identified under FCA will be indicators of future business costs in other areas. (d) Favourable publicity FCA can allow organisations to demonstrate that products or processes do not have significant environmental impacts. Disadvantages of FCA 11.3 (a) Data required FCA requires organisations to gather an increased amount of data, with potentially significant information-gathering costs. Some commentators have suggested that organisations need to adopt a life cycle accounting approach to identify externalities. (b) Which cost figures to use? One example is the choice between using the costs of correction (clean-up costs) or using costs of prevention (costs of changing the way business is conducted). (c) Translating activities into impacts The translation process depends on the (possibly limited) state of scientific knowledge. (d) Limitations of business level analysis The argument is that the individual business is too small a unit to conduct meaningful FCA and industry or geographical area data may be more useful. (e) Inclusion of social externalities If full cost accounting accounts for environmental effects, then it would appear logical to try to account for social effects. However widening the concept to include social costs would introduce additional problems of definition and measurement and also mean that political considerations had more significance. (f) Impression given Many organisations have reservations about introducing FCA because of the impression given. FCA may show an alarming picture, suggesting strong sustainability rather than weak sustainability solutions. Many companies might be perceived to have additional responsibilities and ultimately be shown to be unviable. However there may be some lack of consistency in this argument, that many companies that were unwilling to introduce full cost accounting would nevertheless agree with the principle of 'polluter pays.' (g) Compulsory FCA Insistence by governments or standard-setting bodies that businesses go further towards FCA may encourage businesses to relocate away from countries with FCA regimes and thus export the externalities to developing nations. 263 ASSURANCE 11.4 Impact of full cost accounting Supporters of full cost accounting argue that its disadvantages are in a sense beside the point. The main aim of full cost accounting is not to produce an achievable measure but to stimulate debate about the measurement and internalisation of other costs. Full cost accounting, it is argued, demonstrates the limitations of traditional accounting and also highlights the importance of the debate we have discussed about the limits of accountability that accountants have. Full cost accounting shows that the measurement of business performance by measuring recognisable costs falls far short of the limits of business activity. 12 Summary This chapter has covered environmental auditing, which is a new concept but is getting prominence. Environmental auditing is an environmental management tool for measuring the effects of certain activities on the environment against set criteria or standards. Both environmental auditing and environment impact assessment are environmental management tools, and both share some terminology, for example, ‘impact’, ‘effect’, and ‘significant’, but there are some important differences between the two. Objective, coverage of environmental issues and frequency are some of the elements of environmental audit. Financial audits and environmental audits do differ in some respects. There is compliance audit which aims to determine the degree of company compliance with current or prospective legislation while liability audit is conducted prior to buying or selling a facility/land in order to identify potential liabilities, both financial and legal. A minimisation audit generally concentrates on a single issue. The frameworks that have been developed to address environmental audit include Global Reporting Initiative, Integrated Reporting and Environmental Management Systems. An essential step in establishing an environmental audit programme is to decide the criteria against which the audit will be conducted and to ensure that management throughout the organization knows what these criteria are like company policies and applicable legislation and regulations. Full cost accounting (FCA) as a system allows current accounting and economic numbers to incorporate all potential/actual costs and benefits into the equation including environmental (and perhaps social) externalities to get the prices right for companies. 13 End of chapter questions Question 1 Explain the relationship between businesses and the environment Answer The relationship between organisations and the environment is bi-directional (or two-way). This means that business activities affect the environment and environment affects business activities. Organisations affect the environment in many ways. There are direct effects, for example accidental spillage of oil from the refinery may cause pollution of a watercourse; local air quality may decrease due to emissions released from the oil refinery’s stack and water and energy consumption. Question 2 What is the difference between environmental footprint and social footprint? 264 ASSURANCE CHAPTER 14: VALUE FOR MONEY AUDITS Topic List 1. 2. 3. 4. 5. 6. 7. 8. 9. Introduction; Concept of value for money; Value for Money Assessment; Application of Value for money in Human Resources; Application of Value for money in Procurement; Procedures for assessing value for money; Reporting on Value for Money Assessments; Chapter summary; and End of chapter questions. Learning Outcomes By the end of this chapter, you should be able to: 1. Define value for money; 2. Explain the meaning of economy, efficiency and effectiveness; 3. Apply value for money in the human resource and procurement functions of the company; and 4. Explain the procedures required to plan, execute and report on procurement and human resource assurance assignments. 265 ASSURANCE 14.1 Introduction All entities worldwide are striving to run their operations economically, efficiently and effectively so that they can give value for money to their respective stakeholders. This chapter defines and explains value for money, economy, efficiency and effectiveness (commonly known as the 3Es), lists key elements of human resources and procurement processes as examples of processes on which a practitioner can assess value for money, and finally details the procedure to be followed to plan, execute and report on a value for money assurance assignment. 11.1 Concept of Value for Money Value for money can be defined as using resources in the best way in order to achieve planned results. The concept of value for money focuses on three aspects, commonly known as the 3Es. These are economy, efficiency and effectiveness. Economy. Means spending more carefully, and not paying more than necessary for resources like materials, labour and other expenses. It means acquiring resources of appropriate quality and quantity at the lowest cost. The most important thing is that while obtaining low prices is vital, it is not the only consideration when obtaining resources. Achieving true economy also requires a consideration of qualitative aspects like fit for purpose. For instance it is not economical to buy the cheapest but poorly made item that will need replacing now and then. Efficiency. This refers to using resources in such a way that they produce the greatest possible amount of output. It means getting more from the use of available resources. For example efficiency in procurement of goods means procuring appropriate quality and quantity of goods in time. The main consideration is whether the resources obtained are put to good use and whether the processes and working practices in use represent best practice. Effectiveness. Means using resources in such a manner as to achieve desired objectives. In other words, ensuring that the output from any given activity is achieving the desired result. Efficiency is of no value if the output at the end of the day is not what the entity desired to achieve. Thus, value for money approaches an entity from a process point of view in the sense that it interrogates whether economically obtained resources are put to efficient use to generate outputs that are useful to the entity, in the process achieving its objective. 266 ASSURANCE 11.2 Application of Value for Money in Human Resources 11.2.1 Key elements of Human Resources Policies Human resource refers to the workforce that is required and used in an organization in order to fulfill its mandate/mission and therefore achieve its objectives. In order to make the individual employee successful at their job, a number of human resource policies are put in place in an entity. The key policies are as follows: Human resource planning. This is the process by which managers ensure that they have the right number and kinds of people in the right places at the right times who are capable of effectively and efficiently performing their tasks. Recruitment and Selection. Recruitment means the search for qualified applicants and selection is the evaluation and decision of which candidate is the best match for the job and the institution. The whole process starts with identifying your needs and ends with negotiating the final offer with the candidate and hiring the candidates. The recruitment and selection process follows the following stages: establish a search committee, define needs i.e. task and person [job description], source candidates [advertise etc], review CVs and application forms [shortlist], conduct interviews, get references, make decision and make an offer. Orientation. It refers to transitioning a new employee into the organization. This covers work related issues as well as the issues to do with the entire organization like rules and regulations. Training. Is a learning experience designed to achieve a relatively permanent change in an individual that will improve the ability to perform on the job. Performance management. Is a process of establishing performance standards and appraising employee performance in order to arrive at objective HR decisions and to provide documentation in support of those decisions. Terms and Conditions of service. These include a number of aspects like hours of work, salary structure and remuneration, subsistence and travel expenses, leave [annual, compassionate, maternity, sick and others], notice period and the like. These are equally important as far as the management of the workforce is concerned. Grievances procedures. These are a system that give an opportunity to an employee to raise concerns at work more easily, whether these concerns are about their own employment or about other aspects of the organisation’s operations. Disciplinary procedures. Refer to a system that give an opportunity to the employer to raise concerns about behaviours of an employee that are not compatible with its values and beliefs. 267 ASSURANCE 11.2.2 Application of 3Es The human resource function can assist a company to achieve objectives, as earlier on said, in a number of ways. The function can for example assist to minimize costs to the company by ensuring that with proper planning, recruitment and training staff, for instance, is minimized. The human resource function can use the most economic methods of recruiting and training staff, without compromising quality. This will mean that the company will be spending less which is consistent with the concept of economy. Efficiency is a concept that borders on conversion of input into output. In other words, the relationship between the output and the resources to produce them. The human resource function can achieve this by ensuring that not only is the company not overstaffed but also ensuring that the employees that are employed are so productive that they are able to produce more. Training rewards and development could be some of the processes which if properly used can achieve this. Besides, efficiency in terms of human resource also focuses on whether employees are able to achieve results within the expected time frame. Finally, effectiveness in human resource terms requires that the recruited staff should be able to achieve objectives of the company. This can be achieved by recruiting staff with the right knowledge, skills and attitudes. In so doing, the company, through the human resource function, will be deemed to have spent wisely on the staff. 11.3 Application of Value for money in Procurement Procurement is the process of acquiring goods, services and works that are used by an entity in order to fulfill its mandate. The process also includes needs identification, solicitation and selection of sources, preparation and award of contract and all phases of contract administration through the end of service contract or useful life of the asset. The key stages in the procurement process include: Procurement planning. This about envisaging what goods, services and works will be required during the year, when they will be required, how they will be procured, who needs them etc. Procurement requisition. This refers to the detailed description and listing of requirements by the user departments. Sourcing suppliers. Identifying possible suppliers. Procurement method. Deciding which method will be employed to procure goods works or service. Some methods include open tender, restricted, single sourcing just to mention a few. Preparation of tender documents. Documents to be used in the procurement process. Invitation of tenders. Advertising so that prospective suppliers can bid/tender. Receipt of tenders. Receiving the bids. There must be a tender/bid box into which prospective suppliers can put in their bids/tenders. Opening of tenders. Opening the bids/tenders. 268 ASSURANCE Evaluation of tenders. Choosing the lowest evaluated bidder. The process starts by looking at bidders who have met the technical specifications. The lowest evaluated bidder is chosen from all those who have met the technical specifications. This bidder must have submitted the lowest bid out of all those who met the technical specifications. The rationale is that all those that have met the technical specifications can supply quality items and hence the lowest out of them is chosen. Negotiations. Some procurement like consultancy, negotiations are done with the preferred bidder before awarding a contract. Contract award. To the successful bidder. Contract management. This involves undertaking all actions that will ensure that both the bidder and the procuring entity (the one procuring) have fulfilled their obligations. 11.3.1 Application of 3Es The purpose of the procurement function is to provide the right goods, services and works to the company so that the company is able to achieve its objective. In the end, the procurement function should be able to give value for money to the company. Value for money in procurement is not about achieving the lowest initial price: it is defined as the optimum combination of whole life costs and quality. To do achieve this, processes must be followed as explained earlier. The procurement processes are aimed at ensuring that the procurement function minimizes the costs of procuring the goods, services and works (economy), not only procures within a reasonable time but also encourage competition (efficiency) and procures goods, services and works that are fit for the intended (effectiveness). There are many ways in which value for money can be achieved in procurement. These ways can be grouped into three. Those that are aimed at reducing the cost of purchasing (economy) and time it takes for example administrative effort in processing and order, evaluating tenders, taking delivery of goods ordered (efficiency). This increases the cost of buying goods by 10 to 50 percent. Those aimed at getting more value from money by negotiating improved deals with suppliers (reduced cost and/or better quality) or aggregating demand to get leverage on supplier (economy). Those aimed at improving project, contract and asset management (effectiveness). Some of the ways to achieve value for money include: Getting an increased level of quality of service at the same cost Avoiding unnecessary purchases Ensuring that user needs are met and not exceeded 269 ASSURANCE Specifying the purchasing requirement in output terms so that suppliers can recommend costeffective and innovative solutions to meet that need Sharpening the approach to negotiations to ensure departments get a good deal from suppliers Optimising the cost of delivering a service or goods over the full life of the contract rather than minimising the initial price. Introducing incentives in the contract to ensure continuous cost and quality improvements throughout its duration Aggregating transactions to obtain volume discounts Developing a more effective working relationship with key suppliers to allow both departments and suppliers to get maximum value from the assignment by identifying opportunities to reduce costs and adopt innovative approaches Reducing the cost of buying goods by streamlining procurement and finance processes Reducing the level of inventory held. 11.4 Matters to consider in assessing Value for Money Value for money assessment is concerned with any sphere of the companies’ activities. Examples of the areas include human resources, procurement, budgeting and other. Human resources and procurement will be discussed in this chapter as samples. The prime objective of these assessments is the monitoring of management’s performance at every level, to ensure optimal functioning according to pre-determined criteria or best practice. As pointed out earlier on, three main areas are assessed in value for money: 11.4.1 Economy The economy of a business is assessed by looking at the inputs to the business or process and deciding whether these are the most economical that are available at an acceptable quality level. For instance if assessing the economy of a commercial company the inputs would be capital (plant and machinery, buildings), raw materials, workforce (human resource), and any administrative function required to run the business, procurement for example. 11.4.2 Efficiency The efficiency of an operation is assessed by considering how well the operation converts inputs to outputs. In a manufacturing company, this might involve looking at wastage in production or quality control failures for example. 11.4.3 Effectiveness The effectiveness of an organization is assessed by examining whether the organization is achieving its objectives. To assess effectiveness there must be clear objectives for the 270 ASSURANCE organization that can be examined. In some organizations, particularly not for profit and public service organizations, deciding suitable objectives can be one of the most difficult parts of the value for money exercises. 11.5 Procedures for Assessing Value for Money The procedure to be adopted by practitioners when carrying out assurance engagements on value for money engagements, which is similar to other assurance engagements, is as follows: The engagement must be planned and performed with a degree of professional scepticism, Throughout the exercise, the practitioner must follow the IFAC code of conduct and more so during the execution of the assignment. Appropriate procedures for quality control of the practitioner’s work must be applied to each engagement The practitioner should use targets or national averages or industry averages or best practice as methods [criteria] of measuring economy, efficiency and effectiveness. The practitioner should gather evidence on the 3Es and reach a conclusion Identify areas of weaknesses and make recommendations. Before completion of an assurance engagement, the client may ask for the nature of the engagement to be changed to a ‘non assurance’ engagement, or for the level of assurance to be reduced. If this happens, the practitioner should consider whether the request is appropriate, and should not agree to the change unless there is a good reason 11.6 Reporting on Value for Money Assessments At the end of the exercise, the practitioner has to produce a report. The report communicates the outcome of the assessment to the intended user. The contents of the report consist of: A title. Indicating that the report is an independent assurance report Addressee. The person or body to which the report is addressed Subject matter of the report. Suitable criteria that has been selected for assessment A statement that the use of the report must be restricted certain specified users, or that the use of the report should be restricted to a specific purpose for which it was prepared. A statement that the engagement was carried out in accordance with ISAEs A summary of the work performed The practitioners’ conclusion The date, name and address of the practitioner. 11.7 Conclusion Value for money means using resources in the best way in order to achieve planned results. Value for money focuses on economy, efficiency and effectiveness. Economy means spending more carefully, and not paying more than necessary, efficiency refers to using resources in such 271 ASSURANCE a way that they produce the greatest possible amount of output and effectiveness means using resources in such a manner as to achieve desired objectives. Assessment of value for money can be carried out in all the aspects of an entity. Human resources and procurement are just examples of these aspects. Practitioners can assess value for money and give an assurance on any aspect of the entity including human resources and procurement. The methodology to be used is similar to any assurance assignment. 11.8 End of Chapter Questions a) Define the following terms: value for money, economy, efficiency and effectiveness. b) Give examples of criteria that you will use to assess economy, efficiency and effectiveness of the human resource function and the procurement function in a company. 272 ASSURANCE SECTION C: PERSONAL AND PROFESSIONAL ETHICS 273 ASSURANCE CHAPTER 15: INTRODUCTION TO ETHICS Topic List 1. 2. 3. 4. 5. 6. 7. 8. 9. Introduction; Definition of ethics; Role of ethical theories; Branches of ethics; Perspectives on ethics; Theories of ethics; Ethics and morality, maturity and the profession; and Ethical monism, relativism and pluralism. End of chapter questions Learning Outcomes By the end of this chapter students should be able to: Describe the role of ethics Explain the branches, perspectives and theories of ethics; Explain the importance of ethics to the profession; Apply their knowledge of ethics to solve personal professional dilemmas. 274 ASSURANCE 15.1 Introduction This chapter provides an introduction to the study of ethics and a brief overview of some of the main branches of philosophical thought about ethics. As well as introducing the central ideas that relate to environmental and development ethics and how these two areas of ethical study are interrelated, this unit shows why ethics as a discipline can provide useful tools for clarifying arguments, for understanding a range of viewpoints in a debate, and for justifying one’s own ethical positions more clearly. Key conceptual frameworks and some key terms are introduced and explained. This chapter also introduces different branches of ethics, in order to help one understand that people approach the topic with different points of view. One will learn about different ways of thinking through an ethical question. This will help one identify the way that one make decisions so that one can recognise their own personal ethics in any professional ethical problem that one may be faced with. In this way, one can mitigate any detrimental impact of one their own personal ethics, with a view to a more objective approach to issues that one may face on a daily basis. 15.2 Definition of ethics Ethics is a branch of philosophy that studies the difference between right and wrong. As professional accountants, you will have many opportunities to choose between what is right or wrong. And as you have seen in the business press, making the wrong choice can lead to serious consequences including corporate failure, loss of reputation, fines, and even jail sentences. Ethics has been applied to different fields like biology, for example, resulting in new fields of study like bioethics and environmental ethics; to social sciences, resulting in fields of study like feminism; to war, for pacifism; to criminology, for criminal justice; and to business and the field of business ethics. What you will be studying in this module generally falls into the area of professional ethics. 15.3 Role of ethical theories Every day, each one of use makes numerous decisions about what could be considered 'ethical' issues. For example, should I donate to a street beggar? Should I do the washing-up (even though I am tired) so my husband/wife doesn't have to? Should I help my colleague out with getting the report in on time, even though I'd rather leave work early and join my friend for a social meeting? We usually weigh up the rights and wrongs of these small decisions fairly quickly and easily. But it isn't always easy to know what the right or wrong action is. On closer examination, even a question as apparently simple as whether or not to give aid to alleviate poverty may be fraught with difficult issues. On what ethical basis should individuals give money to charity? Is it 275 ASSURANCE because we have a duty to give some of our income to help people less fortunate than ourselves? Or is it because we have a duty to uphold other peoples' fundamental human right to live healthy and secure lives? Is it simply that giving money to charity makes us a good person - and, perhaps, allows us to feel better about ourselves? Whatever the reason, is it the consequences of our actions that matter? For example, is it important to know before we donate money what percentage of our money will go to helping the needy and how much will go to paying consultants or Non-Governmental Organisation executives? Or is it purely the action itself (in this case, the act of giving) that is intrinsically right? These questions are a starting point for a brief consideration of the main traditions of ethical thought. These types of theories, which are concerned with how we ought to act, belong to the branch of philosophical study called normative ethics. Normative ethical theories are concerned with moral actions, and with how people ought to live their lives. Most of these ideas form the basis of modern-day environmental and development policy, and they are very commonly used as the basis of ethical arguments, often as a result of deductive reasoning. When people use deductive reasoning, they are applying a general principle to a particular situation. For instance, a general principle such as 'all people have the right to a clean environment' may be applied more specifically: 'therefore a company should not be allowed to pollute the environment and to endanger the health of local residents'. By becoming familiar with the main traditions of ethical thought, you will be able to identify clearly how you use these principles when you construct your own arguments. You will also be able to recognise these arguments when they are used by other people. By thinking about the problematic issues surrounding these moral traditions, you can apply these critiques both to your own thinking and the arguments of others. If you are aware of some of the theoretical conflicts between these traditions, and if you can recognise when these ethical principles are being used, this can equip you to spot inconsistencies in the arguments that you or others make. The word deontological is derived from the Greek word deon, meaning 'duty'. It is concerned with right action - in other words, with doing the right thing simply because it is the right thing to do. Deontological theories focus on whether ethical decisions per se are right or wrong, regardless of the consequences or intentions of those ethical decisions. The word teleological is derived from two Greek words: telos, which means 'purpose' or 'goal'; and logos, which refers to 'science' or 'study'. It is concerned with being good - in other words, with being a good person with good intentions. Therefore, in contrast to deontological ethics, the teleological ethical traditions concentrate on the purpose of - or the intention behind - human actions. The focus of teleological ethical theories is on what the goal of a given decision is. 276 ASSURANCE 15.4 branches of ethics Deontological ethics All deontological ethics theories are non-consequentialist. This means that they place the emphasis on the decision or action itself - on the motivations, principles, or ideals underlying the decision or action - rather than being concerned with the outcomes or consequences of that decision or action. This reasoning is founded on the desirability of principle (usually duties or rights) to act in a given situation. The two main non-consequentialist theories are ethics of duties and ethics of rights and justice. Both of these are rooted in assumptions about universal rights and wrongs and responsibilities. This means that people who promote these types of ethical principles usually believe that they should be applied to everyone, everywhere in the world. If a child in one country has a right to an education, then this means that all children, everyone in the world, should have a right to an education. Examples of these types of principles can be found in the Universal Declaration of Human Rights. Duties Most people believe that all human beings have some duties to other human beings. Duties can be positive, such as the duty to look after one's children, or negative, such as the duty not to murder another human being. When people use the language of duties, they usually do so in a way that implies that the duty is universal to all human beings (or at least to all adult humans of sound mind). The foundation of theories of duties is the theory developed by the German philosopher, Immanuel Kant (1724-1804). Rather than relying on religion to tell us what our duties are, Kant believed that we can rely on our powers of reason to do so. At the centre of Kant's theory of duty is what he termed categorical imperatives. Some actions and decisions are founded on our personal desires. For example, you could say, 'If you want to live in a beautiful house, you ought to work hard'. However, this is not a categorical imperative, as it is based simply on fulfilling our desires. A categorical imperative tells us that we must do something, irrespective of our personal desires: for example, 'You ought to look after your parents'. A central principle of the categorical imperative is that we should treat people as an end, never as a means to an end. This means that people should be treated with dignity. Treating someone as a means to an end involves using them as a tool to achieve something else. Buying products made by workers who have been paid unacceptably low wages in order to ensure a cheap price for the goods they produce, is treating the workers as a means to an end and it not fulfilling the 277 ASSURANCE duties we have to those workers. Buying guaranteed 'fair trade' products, in contrast, recognizes our duty to ensure that the workers who produce our goods earn acceptable wages. The concept of duty is not only used in terms of secular arguments. The exhortation to 'do to others as you would have them do to you' is a text that is taken from Christian scriptures, but it has parallels in many other religious traditions. Both secular and religious notions of duty give us many duties, such as those to keep promises, to avoid injuring others, to compensate others when we do them harm, to uphold justice, to improve the living conditions of others, etc. Duties are very often closely linked to the notion of rights. When somebody has a right, usually this implies that others have a duty to uphold this right. Rights Rights theory is one particular duty-based theory of ethics. A right is a justified claim against another person's behaviour. So rights and duties are related in that the rights of one person imply the duty of someone else to uphold that right. Teleological ethics Consequentialist ethics come from the teleological branch of ethical theory. You will remember that teleological theories focus on the goal of the ethical action. Consequentialist theories are those that base moral judgements on the outcomes of a decision or an action. If the outcomes of an action are considered to be positive, or to give rise to benefits, then that action is held to be morally right. Conversely, if the outcome causes harm, then the action is held to be morally wrong. The judgement of right or wrong depends on the consequences of the decision or action. The two main consequentialist theories considered here are egoism and utilitarianism. What are some of the key differences between consequentialist and deontological ethics? Egoism Egoism is the theory that one's self is, or should be, the motivation for all of our actions. It is worth distinguishing between egoism as a descriptive argument (an argument that tells us how the world actually is) and egoism as a normative argument (an argument that tells us how the world ought to be). Egoism as a descriptive argument describes human nature as self-centred. In its strongest form, it argues that individuals only ever act in their own self-interest. Even where 278 ASSURANCE they appear to be acting in others' interests, descriptive egoism explains that the person is really motivated by their own self-interest disguised by arguments (rationalisations) of 'doing one's duty' or 'helping others'. In fact, our motivation behind doing 'good deeds' may be to make ourselves feel good; to make ourselves look good in the eyes of others; or because we believe that, by helping others, others will help us. Even if we donate money to charity anonymously, we may still only really do this because it makes us feel good about ourselves. In contrast, egoism as a normative argument tells us that we should be acting in our own interests, as this is the only way that overall welfare can be improved. If everyone acts in their own self-interest, then society will become more efficient, which will be in everyone's interest. It is therefore morally right to pursue one's own self-interest. One of the most famous normative egoists was Adam Smith, one of the pioneers of neo-classical economic theory. He argued that self-interested behaviour is right if it leads to morally acceptable ends. Smith argued that if everyone followed their self-interest, then society as a whole would be improved. (Importantly, he also argued that if egoism led in fact to the worsening of society, then it should be abandoned.) The theory of egoism is at the heart of capitalist arguments that a corporation's sole responsibility is to its shareholders. However, some form of social and environmental responsibility can be consistent with egoism because egoist decisions may address immediate moral demands by aiming to satisfy long-term self-maximising objectives - of the firm (e.g. profitability) or the individual (e.g. philanthropy). While it is an important theory for understanding economic rationality, we do not consider egoism in great depth here. Of more interest is another consequentialist theory: that of utilitarianism. Utilitarianism The modern form of the consequentialist theory of utilitarianism derives from 19th century British philosophers such as Jeremy Bentham and John Stuart Mill, and it has been particularly influential in areas of the world influenced by British culture. Rather than maximise individual welfare, utilitarianism focuses on collective welfare and it identifies goodness with the greatest amount of good for the greatest number of people: the 'greatest happiness principle'. So maximising benefits for the greatest number of people involves net assessments of benefit: utility is the net result of benefits and costs. Utility has entered modern economics as a key quantitative concept. The concept of trade-offs is specifically embraced and social and environmental costbenefit analyses are explicit utilitarian tools for assessing the goodness of an action. A simple balance sheet of costs and benefits can be drawn up to assess the overall utility of a decision. Utilitarianism has three essential elements: Whether an action is right or wrong is determined solely by its consequences. The value of the consequences of an action is assessed in terms of the amount of happiness or well-being caused. In assessing the total happiness caused to a number of people, equal amounts of happiness are to have equal value, no one person's happiness having greater value that another's. 279 ASSURANCE Limitations of normative theories The normative theories of ethics have some general criticisms. The ethical theories presented in this section are from the Western world philosophical tradition; they are based on varied assumptions; and together they provide a pragmatic framework for judging right and wrong in decision-making. Yet they have been criticised for being too 'neat and tidy' - and perhaps too contrived or calculating - for the real world. These theories are criticised because of the following: 15.5 They involve a high level of abstraction from reality: the real world is complex and such a 'principled' approach to resolving day-to-day dilemmas about behaviour is unhelpful and ignores the real-world context of decision-makers. They may be narrow in their application: the 'reductionist' critique suggests that the focus on one particular aspect of ethics, such as rights or duties, reduces the complexity of ethical issues to one narrow parameter of reality when all are important. They are overly academic: perhaps the abstraction and narrowness are a reflection of theoreticians who live in a world - perhaps the 'rarefied', 'ivory-tower', academic environment - that gives undue value to the 'wisdom' of such specialists as the arbiters of what is right and wrong and of how to decide between the two. They are inhuman: again, the principles are enunciated in an impersonal context in which decision-making becomes 'formulaic' and human relations, instincts, and emotions are absent. They involve prescriptive approaches: the principles and their application suggest that ethical dilemmas can be solved by living by a given set of rules, whereas true decisionmaking requires a high involvement of individuals and 'ownership' through using their own discretion and judgement. Perspectives on ethics In very broad terms, there are three ways of looking at ethics that have developed over time: rules of conformance, good intentions, and competence. One way of thinking about ethics is in terms of conformity to rules. From this perspective, ethics is understood as a list of things to do and to not do. Sometimes the list gets very long and complicated and needs to be interpreted by a whole institution of people. The ethical person, from this perspective, is the one who conforms to the rules. A second way of thinking about ethics is in terms of good intentions. From this perspective, behaviour is considered ethical if it is based on good intentions. Good behaviour then follows from good thinking. The third perspective thinks of ethics in terms of competence. From this perspective, the ethical person is one who can make decisions based on principles and then act on them. This perspective is thought of as looking at competence, because ethics is thought of in terms of ability rather than an attitude. 280 ASSURANCE Our duty to others One way to think about ethics is to acknowledge that there are things that someone just does not do, as part of a duty to others. A limitation of this principle is that you have to decide what those things are that someone should not do. At least one philosopher (Immanuel Kant) has defined those duties by saying ‘act according to principles that everyone could follow.’ For example, if you disobey traffic lights, you should consider what would happen if everyone did so. The point is that we should recognise everyone as equals, and not assume that the rules are any different for us than they are for other people. As an accounting example, a professional accountant would not deliberately issue false or inaccurate financial statements. If everyone did so, no statements could be trusted and as a consequence not only would the profession be brought into disrepute, but all financial statements would have no value to their users. Ultimately the need for accountants and for financial reports would be called into question. Consequences Another way of thinking about ethics is based on thinking about the consequences to different people. Briefly, consequentialism encourages you to make decisions based on the consequences — both positive and negative — for those involved. This category of thinking is the branch of ethics known as utilitarianism. This states that an action is right if it leads to the best outcomes and the least bad outcomes for the greatest number of people. One limitation of thinking about ethics in terms of consequences is that you have to agree on what sorts of consequences matter: for example, should you be trying to promote pleasure and avoid causing pain, or should you instead focus on promoting people’s actual well-being, regardless of whether doing so makes them happy? A modern application of this point of view is the cost-benefit analysis, which involves assigning monetary values to the costs and benefits of an action and seeing how they add up. This practice is often used in evaluating new projects. As an accounting example, an accountant thinking in terms of consequences would prepare ‘true and fair’ financial statements because doing so would bring the most benefit to the greatest number of people. In other words, stakeholders inside and outside the organisation would be able to make more informed decisions as a result. 281 ASSURANCE 15.6 Theories of Ethics Virtue theory In virtue theory, the emphasis is on deciding what sort of person one should try to be, and to define the virtues such a person would embody. You decide what makes a good person, instead of what makes a good action, and act accordingly. One limitation of this way of thinking is that what constitutes a virtue must be agreed upon, and it can vary by culture and over time. For example, the qualities of good financial reports were once considered to be completeness, historical accuracy, reliability and strict adherence to the legal form in disclosing business transactions. More recently, the qualities of good financial reports have come to be relevance for decision-making, reference to a wider conceptual framework, and presenting the economic substance of business transactions. As an accounting example of the use of virtue theory, in deciding whether to agree to a client’s request to use a questionable method for valuing inventory, an accountant would ask, ‘What would a conscientious accountant do in such a situation? What would one of my respected mentors do?’ Social contract theory The social contract theory of ethics advises you to think about ethics as embodying a set of rules agreed upon by reasonable people to bring order to social living. So when making an ethical decision you ask yourself, ‘What rule would reasonable, unbiased people agree to?’ You then follow such rules, regardless of whether they benefit you in particular situations. One criticism of this theory points out that the agreement referred to by social contract theory is entirely imaginary. Why consider yourself bound by an agreement that never happened? An accounting example of social contract thinking might be seen in a situation where an accountant has to decide between loyalty to a client and candid assessment of financial statements. Both of those options involve important social values. Thinking in social contract terms, the accountant might ask, ‘What rule for balancing these values would unbiased people agree to?’ Rules of thumb In addition to scholarly branches of philosophy, some other ways of looking at right and wrong have developed. 282 ASSURANCE The golden rule The classic golden rule is to ‘do unto others as you would have them do unto you.’ In other words, ‘I will not cheat that person because I do not want them to cheat me.’ The golden rule is a simple and useful tool, but it does have some limitations. We don’t really know how babies or animals want to be treated, for example, so the golden rule can’t tell us much about how to treat them. Also, the whole rule is based on your own feelings of how you yourself would want to be treated. But your own needs and preferences might not be typical. For example, the fact that you personally do not value privacy does not mean that you don’t owe others an obligation to respect their privacy. As an accounting example, this rule of thumb could be applied to mean that you disclose all information that may be relevant in financial reports because, if you were the reader of those financial statements, you would expect to receive all the information, and disregard any that is not relevant to you. Mirror Test Another rule of thumb is the mirror test. This is a quick way to evaluate a decision that you are about to make, and reinforces the notion that you are responsible for your own actions. Imagine you’re looking in a mirror and ask yourself: Whether it is legal: If it is not legal, don't do it. What others will think: Others meaning a friend, a parent, a spouse, a child, a manager, the media, or someone else whose opinion is particularly important to you. As an accounting example, in deciding whether to agree to a client’s request to use a questionable method for valuing inventory, an accountant thinking in terms of this rule of thumb would consider how a story about this action would look on the front page of the local newspaper. 15.7 Ethics and morality, Maturity and profession Ethics and morality Ethics is often used in connection with the activities of organisations and with professional codes of conduct: for instance, medical and business ethics, which are often formalised in terms of exhaustive sets of rules or guidelines stating how employees are expected to behave in their workplaces (such as in respect of a duty of care or confidentiality that professional accountants or auditors owe to their clients; or respect for autonomy, and justice). Morality, on the other 283 ASSURANCE hand, is more often used in connection with the ways in which individuals conduct their personal, private lives, often in relation to personal financial probity, lawful conduct and acceptable standards of interpersonal behaviour (including truthfulness, honesty, and sexual propriety). These everyday uses of the terms ‘ethics’ and ‘morality’ are not so much incorrect by philosophical standards, as too limited. The philosopher’s interest in the theoretical study of ethics is with the idea of conduct that is right, fair and just, does not cause harm, and that can be applied to a wide variety of cases. For our purposes, each of the terms ‘ethics’ and ‘morality’ captures the essence of that idea sufficiently well. In what follows, then, it is not really necessary to over-emphasise the distinction between ethics and morality; here, those terms may be used interchangeably to refer to ideas about how humans ought to act. Ethics and maturity There is a theory of moral development which says that people move through six stages. This theory was popularised by Lawrence Kohlberg. His theory of moral development was dependent on the thinking of the Swiss psychologist Jean Piaget and the American philosopher John Dewey. These men said that human beings develop philosophically and psychologically in a progressive fashion as they grow. In stage one, people are concerned with obedience and punishment and the immediate results to themselves. The question they ask themselves is, ‘Will I be punished if I do this?’. In stage two, people are still concerned about the consequences, but have moved on to thinking about what else is in it for them. They think, ‘You do a favour for me and I’ll do a favour for you.’ In stage three, people begin thinking about their social relationships. They want to be a good person so that they can seek approval from others. In stage four, a functioning society is paramount, and people seek to obey laws and social conventions. If one person violates a law, perhaps everyone would, so there is an obligation to uphold the law. In stage five, people think in terms of inalienable rights and liberties. Laws are seen as embodying social contracts, and such contracts are open to criticism. People at this level are interested not just in what society’s rules are, but in what makes a good society so that each person can contribute to that end. The theory says that people rarely reach stage six. If they did, they would show respect for universal principles and the demands of individual conscience, acting because it is right, not because it was legal or expected of them. Although this theory of moral development has been 284 ASSURANCE criticised for being overly concerned with abstract principles such as justice, and not enough with care, it is still a useful framework for investigating your personal ethics. Ethics and professions Historically, most professions like medicine and law had codes of ethics and members were required to swear an oath to uphold those codes, thereby ‘professing’ to a higher standard of responsibility. In modern times, membership of a profession is usually restricted and regulated by one or more professional associations and rigorous training and additional schooling is required. Professionals typically proclaim an obligation to society beyond their client relationship, and point to a code of ethics that they follow. So as a professional accountant with a code of ethics, you will form part of a long tradition of people who ‘profess’ to a higher standard of accountability. You will also enjoy a position of trust and responsibility. This is perhaps most obvious in the role accountants play in auditing publicly traded companies. Although the client company pays the bills, your highest obligation is to the public good, and in particular to the investing public that will be relying on the accuracy and integrity of your work. 15.8 Ethical monism, relativism and pluralism Monism and relativism So far, you have been introduced to a range of approaches to considering ethical dilemmas. As you have been reading them, you will probably have agreed with a lot of the theories that have been introduced so far. It would seem sensible to take a decision that has the best possible outcome for all concerned (utilitarianism). But, at the same time, you may also believe that there are some universal rights which all humans have (deontology). You probably also do things each day because you think it makes you a good person and not because of any duty or consequences that this action might have (virtue ethics). It is clear that philosophers propose many different approaches to deciding what action is right or wrong. Which of those approaches is right? How can this be determined? And, importantly, who should decide which ethic is the correct one to adopt? If it cannot objectively be decided which approach is right, does this mean that the study of ethics is nothing more than a series of different people's opinions? Perhaps they are all right! If so, what happens when the different frameworks reach different conclusions or even conflict? Such questions can be approached in several ways. Some philosophers argue that it is possible to make objective decisions about our ethics and that identifying one, valid ethical theory should be the main task of philosophers. This position is called ethical monism. Others philosophers, in contrast, believe that it is impossible to make such objective ethical judgements and that any 285 ASSURANCE decision about which particular ethical approach is 'right' is nothing more than a personal preference, and will depend on people's individual feelings, their cultural and religious background, etc. This position is called ethical relativism. Do you think that you are an ethical monist or an ethical relativist? Do you think there is another option? A dilemma Traditional ethical theories (such as deontological theories) are generally absolutist and normative because they reflect a belief in universally applicable moral principles and objective qualities of right and wrong, on which there need be no debate. So, many of the principles we looked at in the previous section are monist. Monism is nice and tidy. It simply asks us to choose one moral framework and to apply it to our ethical decision-making. But how many of us can call ourselves monists? As you were reading through the ethical theories in the previous section you probably found yourself agreeing with more than one of the theories. Many philosophers have argued that the world is not the neat and tidy place that monists would have it be. People often use a range of ethical frameworks to make their decisions. So should we argue then for ethical relativism, and say that all ethical frameworks have some validity? If you accept the ethical relativist's argument, this leaves the study of ethics in a difficult position. If we cannot say that our ethical frameworks amount to anything more than personal preference, then we are not left in a very strong position to promote any one ethical decision over another. Development ethicists would have to conclude that whatever a particular culture promoted as right or wrong, was indeed right or wrong for that culture. Environmental ethics would not be able to hope to fulfil its promise of addressing the environmental crisis by promoting forms of decision-making that will protect and conserve the non-human world, as there would be no basis for arguing that people should adopt alternative frameworks for thinking about the natural world. The study of ethics would become nothing more than describing and comparing the ethical arguments. There would be no question of being able to promote one ethical argument over another. 15.9 End of chapter questions a) What are ethics b) Describe any two branches of ethics c) Discuss theories of ethics that literature hold 286 ASSURANCE CHAPTER 16: PERSONAL ETHICS Topic List 1. Introduction; 2. Personal ethics; 3. Ethical dilemmas; 4. Framework for ethics; 5. Frameworks for ethical decision-making; 6. End of chapter questions Learning Outcomes By the end of this chapter, students should be able to: Define personal ethics; Explain ethical dilemmas; Explain framework for ethics; and Explain frameworks for ethical decision making 287 ASSURANCE 16.1 Introduction People hold different beliefs and values, and so personal ethics can differ widely from person to person. Beliefs and values often motivate a person by defining what they see as being important. In turn, they influence a person’s attitudes, and how they behave. Ethical expectations constrain a person’s behaviour by providing expectations on how to behave. In other words, personal ethics are standards by which a person judges behaviour as being ‘right’ or ‘wrong’. This chapter covers personal ethics as well as ethical dilemmas that professional accountants may face on a day to day basis. 16.2 Personal ethics Simply stated, ethics refers to standards of behaviour that tell us how human beings ought to act in the many situations in which they find themselves-as friends, parents, children, citizens, businesspeople, teachers, professionals, and so on. Personal ethics refers to the ethics that a person identifies with in respect to people and situations that they deal with in everyday life. Professional ethics refers to the ethics that a person must adhere to in respect of their interactions and business dealings in their professional life. What is not ethics? It is helpful to identify what ethics is not: Ethics is not the same as feelings. Feelings provide important information for our ethical choices. Some people have highly developed habits that make them feel bad when they do something wrong, but many people feel good even though they are doing something wrong. And often our feelings will tell us it is uncomfortable to do the right thing if it is hard. Ethics is not religion. Many people are not religious, but ethics applies to everyone. Most religions do advocate high ethical standards but sometimes do not address all the types of problems we face. Ethics is not following the law. A good system of law does incorporate many ethical standards, but law can deviate from what is ethical. Law can become ethically corrupt, as some totalitarian regimes have made it. Law can be a function of power alone and designed to serve the interests of narrow groups. Law may have a difficult time designing or enforcing standards in some important areas, and may be slow to address new problems. Ethics is not following culturally accepted norms. Some cultures are quite ethical, but others become corrupt -or blind to certain ethical concerns (as the United States was to slavery before the Civil War). Ethics is not science. Social and natural science can provide important data to help us make better ethical choices. But science alone does not tell us what we ought to do. Science may provide an explanation for what humans are like. But ethics provides reasons for how 288 ASSURANCE humans ought to act. And just because something is scientifically or technologically possible, it may not be ethical to do it. 16.3 Ethical dilemmas You may recall that ethics is a term that refers to a code or moral system that provides criteria for evaluating right and wrong. An ethical dilemma is a situation in which an individual or group is faced with a decision that tests this code or moral system. Many of these dilemmas are simple to recognize and resolve. For example, have you ever been tempted to call your boss to report a fake bed rest when you are to attend a job interview elsewhere. Temptation like this will test your personal ethics. 2.1 Requirements for ethical dilemma There are three conditions that must be present for a situation to be considered an ethical dilemma. (i) A need to make a decision: The first condition occurs in situations when an individual, called the “agent,” must make a decision about which course of action is best. Situations that are uncomfortable but that don’t require a choice are not ethical dilemmas. For example, students in their internships are required to be under the supervision of an appropriately credentialed social work field instructor. Therefore, because there is no choice in the matter, there is no ethical violation or breach of confidentiality when a student discusses a case with the supervisor. (ii) The need to choose from different courses of action: The second condition for ethical dilemma is that there must be different courses of action to choose from. (iii) An ethical principle being compromised: Third, in an ethical dilemma, no matter what course of action is taken, some ethical principle is compromised. In other words, there is no perfect solution. In determining what constitutes an ethical dilemma, it is necessary to make a distinction between ethics, values, and morals. Ethics are prepositional statements (standards) that are used by members of a profession or group to determine what the right course of action in a situation is. Values, on the other hand, describe ideas that we value or prize. To value something means that we hold it dear and feel it has worth to us. As such, there is often a feeling or affective component associated with values. Often, values are ideas that we aspire to achieve, like equality and social justice. Morals describe a behavioral code of conduct to which an individual ascribes. They are used to negotiate, support, and strengthen our relationships with others. 3.2 Importance of personal ethics It is extremely important for accounting professionals to be ethical in their practices due to the very nature of their profession. 289 ASSURANCE 3.2.1 Maintenance of clients’ confidence The nature of accountants’ work puts them in a special position of trust in relation to their clients, employers and general public, who rely on their professional judgment and guidance in making decisions. These decisions in turn affect the resource allocation process of an economy. The accountants are relied upon because of their professional statues and ethical standards. Thus, the key to maintaining confidence of clients and the public is professional and ethical conduct. 3.2.2 Support fiduciary relationship Accountants render professional services such as assurance and taxation service to clients for a fee as well as to employers if employed. Both of these cases are fiduciary relationships. In such a relationship, they have the responsibility to ensure that their duties are performed in conformity with the ethical values of honesty, integrity, objectivity, due care, confidentiality, and the commitment to the public interest before one’s own. Thus, accountants, as professionals, are expected to maintain a level of ethical conduct that goes beyond society’s laws. This has made the professional accounting bodies to develop a code of professional conduct, which sets rules or standards that define right from wrong to ensure that members’ behaviour complies with perceived public expectations of ethical standards. 3.2.3 Help to develop moral sensitivity on technical issues How accountants have been involved with large corporate scandals in recent times reflects that they have not complied with the expected ethical standards. It is often argued that accountants’ focus too much on technical issues and lack ethical sensitivity to recognise ethical dilemmas involved with their work, which would ultimately lead to making wrong decisions. Thus, accountants should be trained to be sensitive to identify the moral dimension of seemingly technical issues. The ‘Framework for International Education Standards for Professional Accountants’ (2009) published by International Accounting Education Standards Board (IAESB) of IFAC supports this notion. This framework emphasises the need to include ethics education as a core component of professional accounting education to prepare the accounting professionals to face various ethical dilemmas that they face in carrying out their duties. 3.3 Examples of ethical dilemmas 3.3.1 Misappropriation of Assets On an individual employee or personal level, the most common ethical issue in accounting is the misappropriation of assets. Misappropriation of assets is the use of company assets for any other purpose than company interests. Otherwise known as stealing or embezzlement, misappropriation of assets can occur at nearly any level of the company and to nearly any degree. For example, a senior level executive may charge a family dinner to the company as a 290 ASSURANCE business expense. At the same time, a line-level production employee may take home office supplies for personal use. In both cases, misappropriation of assets has occurred. 3.3.2 Fraudulent Financial Reporting Most accounting scandals over the last two decades have centred on fraudulent financial reporting. Fraudulent financial reporting is the misstatement of the financial statements by company management. Usually, this is carried out with the intent of misleading investors and maintaining the company's share price. While the effects of misleading financial reporting may boost the company's stock price in the short-term, there are almost always ill effects in the long run. This short-term focus on company finances is sometimes known as "myopic management." 3 Framework for ethics Ethical issues happen daily all the time to all of us until we retire to bed. We are bombarded daily with questions about whether we prosper through fraud; whether we doctor or manipulate financial statements on the direction of a boss, the morality of medical technologies that can prolong our lives, the rights of the homeless, and the fairness of our children's teachers to the diverse students in their classrooms. Dealing with these ethical issues is often perplexing. How, exactly, should we think through an ethical issue? What questions should we ask? What factors should we consider? The first step in analyzing moral issues is obvious but not always easy: Get the facts. Some moral ethical issues create controversies simply because we do not bother to check the facts. This first step, although obvious, is also among the most important and the most frequently overlooked. But having the facts is not enough. Facts by themselves only tell us what is; they do not tell us what ought to be. In addition to getting the facts, resolving an ethical issue also requires an appeal to values. Philosophers have developed five different approaches to values to deal with ethical issues. 4.1 Ethical Problem Solving These five approaches to be covered now suggest that once we have ascertained the facts, we should ask ourselves five questions when trying to resolve a moral issue: What benefits and what harms will each course of action produce, and which alternative will lead to the best overall consequences? What moral rights do the affected parties have, and which course of action best respects those rights? Which course of action treats everyone the same, except where there is a morally justifiable reason not to, and does not show favouritism or discrimination? Which course of action advances the common good? Which course of action develops moral virtues? 291 ASSURANCE This method, of course, does not provide an automatic solution to moral problems. It is not meant to. The method is merely meant to help identify most of the important ethical considerations. In the end, we must deliberate on moral issues for ourselves, keeping a careful eye on both the facts and on the ethical considerations involved. 4.1 The Utilitarian Approach Utilitarianism was conceived in the 19th century by Jeremy Bentham and John Stuart Mill to help legislators determine which laws were morally best. Both Bentham and Mill suggested that ethical actions are those that provide the greatest balance of good over evil. To analyze an issue using the utilitarian approach, we first identify the various courses of action available to us. Second, we ask who will be affected by each action and what benefits or harms will be derived from each. And third, we choose the action that will produce the greatest benefits and the least harm. The ethical action is the one that provides the greatest good for the greatest number. 4.2 The Rights Approach The second important approach to ethics has its roots in the philosophy of the 18th-century thinker Immanuel Kant and others like him, who focused on the individual's right to choose for herself or himself. According to these philosophers, what makes human beings different from mere things is that people have dignity based on their ability to choose freely what they will do with their lives, and they have a fundamental moral right to have these choices respected. People are not objects to be manipulated; it is a violation of human dignity to use people in ways they do not freely choose. Of course, many different, but related, rights exist besides this basic one. These other rights (an incomplete list below) can be thought of as different aspects of the basic right to be treated as we choose. The right to the truth: We have a right to be told the truth and to be informed about matters that significantly affect our choices. The right of privacy: We have the right to do, believe, and say whatever we choose in our personal lives so long as we do not violate the rights of others. The right not to be injured: We have the right not to be harmed or injured unless we freely and knowingly do something to deserve punishment or we freely and knowingly choose to risk such injuries. The right to what is agreed: We have a right to what has been promised by those with whom we have freely entered into a contract or agreement. In deciding whether an action is moral or immoral using this second approach, then, we must ask, does the action respect the moral rights of everyone? Actions are wrong to the extent that they violate the rights of individuals; the more serious the violation, the more wrongful the action. 4.3 The Fairness or Justice Approach The fairness or justice approach to ethics has its roots in the teachings of the ancient Greek 292 ASSURANCE philosopher Aristotle, who said that "equals should be treated equally and unequals unequally." The basic moral question in this approach is: How fair is an action? Does it treat everyone in the same way, or does it show favouritism and discrimination? Favouritism gives benefits to some people without a justifiable reason for singling them out; discrimination imposes burdens on people who are no different from those on whom burdens are not imposed. Both favouritism and discrimination are unjust and wrong. 4.4 The Common-Good Approach This approach to ethics assumes a society comprising individuals whose own good is inextricably linked to the good of the community. Community members are bound by the pursuit of common values and goals. The common good is a notion that originated more than 2,000 years ago in the writings of Plato, Aristotle, and Cicero. More recently, contemporary ethicist John Rawls defined the common good as "certain general conditions that are...equally to everyone's advantage." In this approach, we focus on ensuring that the social policies, social systems, institutions, and environments on which we depend are beneficial to all. Examples of goods common to all include affordable health care, effective public safety, peace among nations, a just legal system, and an unpolluted environment. Appeals to the common good urge us to view ourselves as members of the same community, reflecting on broad questions concerning the kind of society we want to become and how we are to achieve that society. While respecting and valuing the freedom of individuals to pursue their own goals, the common-good approach challenges us also to recognize and further those goals we share in common. 4.5 The Virtue Approach The virtue approach to ethics assumes that there are certain ideals toward which we should strive, which provide for the full development of our humanity. These ideals are discovered through thoughtful reflection on what kind of people we have the potential to become. Virtues are attitudes or character traits that enable us to be and to act in ways that develop our highest potential. They enable us to pursue the ideals we have adopted. Honesty, courage, compassion, generosity, fidelity, integrity, fairness, self-control, and prudence are all examples of virtues. A virtue is like a habit, that is, once acquired, they become characteristic of a person. Moreover, a person who has developed virtues will be naturally disposed to act in ways consistent with moral principles. The virtuous person is the ethical person. In dealing with an ethical problem using the virtue approach, we might ask, what kind of person should I be? What will promote the development of character within myself and my community? 293 ASSURANCE 4 Frameworks for Ethical decision-making It is important that ethics should concern all levels of life: acting properly as individuals, creating responsible organizations and governments, and making our society as a whole more ethical. This section covers frameworks or models that can guide to the making of ethical decisions. Decisions about right and wrong can be difficult as they may be related to individual contexts. 4.1 Ethics models Models have been developed by professional associations and philosophers. 4.1.1 American Accounting Association (AAA) model The AAA model was set out in a report by Langenderfer and Rockness in 1990. They recommended a 7 step model: Step 1 What are the facts of the case? The aim is to show clearly what is at issue. A brief summary should suffice, maybe just one sentence Step 2 What are the ethical issues in the case? These should be based on the facts Step 3 What are the norms, principles and values related to the case? This means placing the decision in its social, ethical and professional behaviour context, including considering professional codes of ethics or social expectations of the profession. Use the terminology of the ethical guidelines, for example fairness, bias and influence when discussing objectivity. Don't be afraid to use the term justice if that's most appropriate Step 4 What are the alternative courses of action? State each course without making reference at this stage to the norms, principles and values. To generate ideas, consider the issue from the points of view of the ‘guilty' party and the organisation Step 5 What is the best course of action that is consistent with the norms, principles and values identified in Step 3? Combine Steps 3 and 4 to see which options accord with the norms and which don't Step 6 What are the consequences of each possible course of action? This is to ensure that each of the outcomes are unambiguous Step 7 What is the decision? Based on the analysis in Steps 1-6 5.1.2 Tucker's 5 question model Tucker's model can also be used to determine the most ethical outcome in a particular situation, generally an ethical problem for business. It focuses on 5 key questions. Is the decision: Profitable Legal 294 ASSURANCE Fair Right Sustainable Not all of Tucker's criteria will be relevant in every situation. In addition there are complications with each of the criteria: Is the decision: Profitable? Compared with what? Use of profitability as criteria also implies the Tucker model may be more useful for business decisions than for individuals' moral dilemmas Legal? This obviously depends on the jurisdiction(s) involved Fair? In whose perspective? Need to consider who stakeholders are and impact upon them of the decision? Right? This depends on the ethical position. In particular the distinction between deontological and teleological approaches of whether account should be taken of the consequences of the transaction is significant Sustainable? Is the decision environmentally sound or sustainable in other ways? 5.1.3 Methodology There is a methodology that can be used based on the flowchart in figure 1 below. Figure 1: Flowchart for methodology of ethical decision-making 5.1.3.1 Recognising that there is an ethical question This requires thinking about how one should act and what he/she should do in a given situation. This could relate to a situation and/or a decision that a professional makes, which could be 295 ASSURANCE potentially damaging to a client or a stakeholder. Finally it could involve a choice between a good and a bad outcome. 5.1.3.2 Understanding the facts of the situation There is need to learn more about the situation including making enquiries and finding additional facts to ensure a thorough understanding of the situation. 5.1.3.3 Understanding the options available to you This level requires identification and understanding of each option available. There is also need to take into account any legislative requirements, professional standards, law and instructions, as these may influence the options. 5.1.3.4 Understanding the consequences of the options Consider how different parties will be affected by each option. These parties can include the client, employer and other advisers. It is vital to be aware that the overriding duty is always to act in the lawful and legitimate interests of the client The following questions are very important and should be asked. If I am going to act in a way that is adverse to my client’s interests in any way, am I justified in doing so? Which option will produce the most good for my client even if it will upset another person or cause me discomfort or loss? Will this require me to act in a way that will harm someone else or go against my personal beliefs or ethics? Is there a way to act that will not damage my client’s interests but will reduce or prevent harm to another person or institution? Is there a way to act that will not damage my client’s interests and will allow me to act in the way I believe is consistent with the type of adviser that I want to be? 5.1.3.5 Testing the option you plan to take This requires consideration of the possible effects of all the different options and requires an individual to reflect on and thoroughly review the option that you plan to take – in doing so, the following questions need asking: Am I feeling uncomfortable with what I am about to do? If so, why am I feeling uncomfortable about this option? Why am I making this decision? Would I be happy if this was done to me? Would I be happy explaining this to different parties? 5.1.3.6 Explaining the option you have decided on to those affected and to other interested parties Here one must act in a way that the client, or another party, may not like or may find difficult to understand. Therefore justify any actions in a logical and straightforward manner. This is because failure to explain the basis of actions one can conclude that an individual is acting on the basis of feelings or prejudices. Therefore excellent records must be kept that note the essentials 296 ASSURANCE of what the issue was, what was done to resolve it, the options that were considered and how the communication was handled on any decision that was reached. 5.1.3.7 Acting on the chosen option: This is the consideration of how the decision will be implemented as well as the actual carrying out of the decision. 5.1.3.8 Reflecting on the outcome: Finally this requires an assessment of the impact of the decision and what lessons have been learnt from this specific situation - to objectively evaluate what has happened and whether the option which had been taken worked. 5.1.4 Moral development model by Lawrence Kohlberg Kohlberg’s theory of moral development was dependent on the thinking of the Swiss psychologist Jean Piaget and the American philosopher John Dewey. He was also inspired by James Mark Baldwin. These men had emphasized that human beings develop philosophically and psychologically in a progressive fashion. Kohlberg believed...and was able to demonstrate through studies...that people progressed in their moral reasoning (i.e., in their bases for ethical behaviour) through a series of stages. He believed that there were six identifiable stages which could be more generally classified into three levels. Kohlberg's classification can be outlined in the following manner. LEVEL Pre-conventional Conventional Post-conventional STAGE SOCIAL ORIENTATION 1 Obedience and Punishment 2 Individualism, Instrumentalism, and Exchange 3 "Good boy/girl" 4 Law and Order 5 Social Contract 6 Principled Conscience Table 1: Kohlberg’s stages of moral development 297 ASSURANCE The first level of moral thinking is that generally found at the elementary school level. In the first stage of this level, people behave according to socially acceptable norms because they are told to do so by some authority figure (e.g., parent or teacher). This obedience is compelled by the threat or application of punishment. The second stage of this level is characterized by a view that right behaviour means acting in one's own best interests. The second level of moral thinking is that generally found in society, hence the name "conventional." The first stage of this level (stage 3) is characterized by an attitude which seeks to do what will gain the approval of others. The second stage is one oriented to abiding by the law and responding to the obligations of duty. The third level of moral thinking is one that Kohlberg felt is not reached by the majority of adults. Its first stage (stage 5) is an understanding of social mutuality and a genuine interest in the welfare of others. The last stage (stage 6) is based on respect for universal principle and the demands of individual conscience. While Kohlberg always believed in the existence of Stage 6 and had some nominees for it, he could never get enough subjects to define it, much less observe their longitudinal movement to it. Kohlberg believed that individuals could only progress through these stages one stage at a time. That is, they could not "jump" stages. They could not, for example, move from an orientation of selfishness to the law and order stage without passing through the good boy/girl stage. They could only come to a comprehension of a moral rationale one stage above their own. Thus, according to Kohlberg, it was important to present them with moral dilemmas for discussion which would help them to see the reasonableness of a "higher stage" morality and encourage their development in that direction. The last comment refers to Kohlberg's moral discussion approach. He saw this as one of the ways in which moral development can be promoted through formal education. Note that Kohlberg believed, as did Piaget, that most moral development occurs through social interaction. The discussion approach is based on the insight that individuals develop as a result of cognitive conflicts at their current stage. 5.2 Kohlberg versus Tucker’s 5 Question model How would different people operating at each of Kohlberg's levels of ethical reasoning view Tucker's criteria? (Kohlberg's three levels are pre-conventional, conventional and post-conventional.) The following are some suggestions although this is not comprehensive. Profitable Pre-conventional A very important criteria, as the preconventional level is based on the idea of rewards for self. Conventional Profitability may be seen as quite important depending on the local ethos – very important if the decision-maker works in a major financial centre for example. Decision-makers will also be influenced by any local requirements in company law to 298 ASSURANCE Post- conventional Surprisingly perhaps this could be a very important criteria. Equally it could have no importance if the decision-maker believes it goes against other seek profit maximisation. Legal The pre-conventional level will be more concerned with the consequences of breaking the law than its content. At the higher conventional level this will be seen as allimportant. At the lower level it may depend on the views of local society, some societies having a more relaxed view to certain laws than others. Fair The concept of fairness is likely to be interpreted as confined to fairness to the decision-maker alone. Fairness may be significant if it means fairness to others in society whose approval is sought, or fairness is a concept enshrined in law. 299 ASSURANCE concepts. Those holding the pristine capitalist viewpoint would argue that companies have a moral duty to make profits to reward the shareholders whose finance underwrites their existence. Use of monies for other purposes is effectively theft of shareholders' funds under this stance. Strangely obedience to the law may not be seen as so significant at this level. This is because postconventional viewpoint may see the law as inadequately defining ethics and thus decision-makers need to go beyond it. Alternatively some laws may be seen as immoral (for example, requiring the decisionmaker to swear allegiance to a cause with which he disagrees). Fairness may well be a key ethical concept, but fairness to whom may be a difficult issue, dependent on who are seen as legitimate stakeholders. Right The consequences of being caught doing wrong are more likely to be an issue than whether the decision is actually right. The decision-maker will see what is right as significant, but he will see as right defined by others in his local society or right as enshrined in law. The decision-maker may not be able to supply his own definition of what is right. Sustainable Again the consequences for the decision-maker rather than anyone else will be paramount. This depends on how sustainability is viewed in the decision-maker's local environment, or the importance given to it in law. The campaigns conducted by many organisations internally to improve sustainability awareness are perhaps an acknowledgement that many of their employees are taking decisions at this level. Thus the organisations are trying to change the ethos to make employees behave in a more socially responsible way. End of chapter questions a) Define personal ethics b) What is an ethical dilemma? c) Explain the importance of personal ethics to an assurance practitioner 300 ASSURANCE Right will always important for postconventional decisionmakers. Remember though the distinction between the two levels at this stage. Right may be as defined by the decision-maker's society's ethics or it may be outside society's ethics. Sustainability may well be a key ethical concept that post-conventional decision-makers, although what sustainability means exactly may cause problems. CHAPTER 17: CODE OF ETHICS Topic Lists 1. Introduction; 2. Importance of a code of ethics; 3. Code of ethics and code of conduct; 4. Corporate code of ethics and professional ethics; 5. Rules-based and principles-based guidance; 6. Fundamental principles; 7. Ethical threats to compliance with the Fundamental principles for accountants in practice; 8. Ethical conflict resolution; 9. Problems facing accountants in business; 10. The accountancy profession and the public interest; and 11. End of chapter questions. Learning Outcomes By the end of this chapter, students should be able to: Explain the importance of code of ethics; Distinguish code of ethics from code of conduct; Differentiate corporate code of ethics from professional code of ethics; Resolve ethical problems; Explain threats to compliance with fundamental principles for accountants in practice; Appreciate problems facing accountants in business. 301 ASSURANCE 17.1 Introduction Code of ethics is of critical importance to accounting professionals. If you may recall one reason people seek assurance from accountants is that they are independent and impartial people. This is part of their code of ethics. Ethical issues are important for all accountants, from trainees to partners. This chapter examines how organisations and professional bodies encourage ethical behaviour. Corporate codes are covered first in terms of their contents and impact. There is need to know the main features of professional codes. Here a comparison is set regarding governance codes, that is, whether the codes should be ‘rules-based’ or ‘principles-based. Independence issues are covered in detail mainly those that affect practising accountants. Next the role of accountants in business and the ethical problems that they face and focus on bribery and corruption is covered in this chapter as well. Finally the wider context of the requirement that professional accountants must serve in the public interest is covered. Emphasis is placed on defining an acceptable position for the accountancy profession as practicality of this issue has proved very difficult, partly because of the varying definition of public interest, and how much weight to give the interests of different stakeholders. 1 Importance of a code of ethics Accountancy profession has a noble responsibility of serving the public interest. This requires professional accountants to consider this public interest and maintain the reputation of the accounting profession. Personal self-interest must not prevail over these duties. The IFAC codes of Ethics help accountants to meet these obligations by setting out ethical guidance to be followed. Acting in the public interest involves having regard to the legitimate interests of clients, government, financial institutions, employees, investors, the business and financial community and others who rely upon the objectivity and integrity of the accounting profession to support the propriety and orderly functioning of business activity Accountants deal with a range of issues on behalf of clients. They often have access to confidential and sensitive information. Auditors (and other assurance providers) claim to give an independent view. It is therefore critical that accountants (particularly those giving assurance) are independent. Compliance with a shared set of ethical guidelines gives protection to accountants as well, as they cannot be accused of behaving differently from (that is, less well than) other accountants. Therefore following a code of ethics serve as a tool for preventing possible offences and conflict situations, as well as developing a corporate culture based on high ethical standards. 302 ASSURANCE 2 Code of ethics and code of conduct 2.1 Code of Ethics A code of ethics is a document containing guidelines that outlines a set of principles that affect decision-making. For example, a code of ethics might stipulate that a company is committed to environmental protection and green initiatives, as well as networking etc. The expectation is that individual employees, when faced with the option, will select the greenest solution so that company should be seen to be environmentally responsible. 2.2 Code of Conduct A code of conduct is a guideline, which outlines specific behaviours that are required or prohibited as a condition of ongoing employment. A code of conduct might forbid sexual harassment, racial intimidation or viewing inappropriate or unauthorized content on company computers. These are rigorous standards that usually are tightly enforced by company leaders. 2.3 The impact of codes of conduct A code of conduct can set out the company's expectations, and in principle a code such as that outlined above addresses many of the problems that the organisations may experience. However, merely issuing a code is not enough. (a) (b) (c) (d) (e) The commitment of senior management to the code needs to be real, and it needs to be very clearly communicated to all staff. Staff need to be persuaded that expectations really have changed. Measures need to be taken to discourage previous behaviours that conflict with the code. Staff need to understand that it is in the organisation's best interests to change behaviour, and become committed to the same ideals. Some employees – including very able ones – may find it very difficult to buy into a code that they perceive may limit their own earnings and/or restrict their freedom to do their job. In addition to a general statement of ethical conduct, more detailed statements (codes of practice) will be needed to set out formal procedures that must be followed. 2.3.1 Problems with codes of conduct Inflexibility: Inflexible rules may not be practical. One example would be a prohibition on accepting gifts from customers. A simple prohibition that would be quite acceptable in a Western context would not work in other cultures, where non-acceptance might be seen as insulting. Clarity: It is difficult to achieve completely unambiguous wording. Irrelevancy: Surveys suggest that ethical codes are often perceived as irrelevant, for the following reasons: (i) They fail to say anything about the sort of ethical problems that employees encounter. (ii) Other people in the organisation pay no attention to them. 303 ASSURANCE (iii) They are inconsistent with the prevailing organisational culture. (iv) Senior managers' behaviour is not seen as promoting ethical codes. Senior managers rarely blatantly fail to comply; rather they appear out-of-touch on ethics because they are too busy or unwilling to take responsibility. Identity and values guidance Corporate ethical codes are often rather legalistic documents, consisting largely of prohibitions on specific undesirable actions such as the acceptance of gifts from suppliers. More general guidance with an emphasis on principles may be more appropriate. Identity and values programmes describe corporate values without specifying in detail what they mean. Rather than highlighting compliance with negatives they promote positive values about the company and form part of its culture. (Compliance programmes are about limiting legal and public relations disasters.) Even so, they need to be integrated with a company's values and leadership. Other measures: To be effective, ethical guidance needs to be accompanied by positive attempts to foster guiding values, aspirations and patterns of thinking that support ethically sound behaviour – in short a change of culture. Increasingly organisations are responding to this challenge by devising ethics training programmes for the entire workforce, instituting comprehensive procedures for reporting and investigating ethical concerns within the company, or even setting up an ethics office or department to supervise the new measures. 2.3 Similarities and differences between codes of ethics and conduct Both codes are similar as they attempt to encourage specific forms of behaviour by employees or professionals with certain expertise. Ethics guidelines attempt to provide guidance about values and choices to influence decision-making, whereas conduct regulations assert that some specific actions are appropriate or inappropriate The codes attempt to regulate behavior in very different ways. Ethical standards generally are wide-ranging and non-specific, designed to provide a set of values or decision-making approaches that enable employees to make independent judgments about the most appropriate course of action. Conduct standards generally require little judgment; you obey or incur a penalty, and the code provides a fairly clear set of expectations about which actions are required, acceptable or prohibited. 3 Corporate code of ethics and professional code of ethics 3.1 Corporate code of ethics Corporate codes of ethics are guidelines in which companies set out their values and responsibilities towards stakeholders. An ethical code typically contains a series of statements setting out the organisation's values and explaining how it sees its responsibilities towards stakeholders. The existence of these codes is an indication that business organisations have 304 ASSURANCE ethical standards. Each company needs its own type of code to reflect the national culture, the sector culture, and the exact nature of its own structure. The nature of the codes is changing. NatWest's code, for example, tries to do much more than simply set out a list of virtues. Its programme involves not only the production of a code, but a dedicated effort to teach ethics, and a system by which the code can be audited and monitored. For example, it has installed a 'hot-line' and its operation is monitored by internal auditors. The board of NatWest wanted it to be confidential – within the confines of legal and regulatory requirements – and the anonymity of 'whistle-blowers' has been strictly maintained. The code contains relevant and straightforward advice. For example: 'In recognising that we are a competitive business, we believe in fair and open competition and, therefore, obtaining information about competitors by deception is unacceptable. Similarly, making disparaging comments about competitors invariably invites disrespect from customers and should be avoided.' 3.1.1 Measuring effectiveness of a company’s policy on ethics The ethical stance of a company is supported by its policy. There can be a number of ways of measuring the effectiveness of a company’s policy on ethics. Some of the ways include training effectiveness measures; how breaches of the code are dealt with; Activity in the ethics office (if there is one) and public perceptions of the company. 3.1.2 Features of corporate code of ethics A code of corporate ethics has the following features They focus on regulating individual employee behaviour. They are formal documents. They cover specific areas such as gifts, anti-competitive behaviour and so on. Employees may be asked to sign that they will comply. They may be developed from third party codes (eg regulators) or use third parties for monitoring. They tend to mix moral with technical imperatives. Sometimes they do little more than describe current practices. They can be used to shift responsibility (from senior managers to operational staff). 3.1.3 Purposes of code of ethics (a) Establishment of organisation’s values Ethical codes form part of the organisation’s underlying environment. They develop and promote values that are linked to the organisation’s mission statement. (b) Promotion of stakeholder responsibilities Codes also demonstrate whom the organisation regards as important stakeholders. They show what action should be taken to maintain good stakeholder relationships (such as keeping them 305 ASSURANCE fully informed). They can show external stakeholders that they are dealing with people who do business fairly. Drafting parts of the code to comply with customer wishes demonstrates that businesses are responsive to customers. (c) Control behaviour of an individual By promoting or prohibiting certain actions, ethical codes form part of the human resources mechanisms by which employee behaviour is controlled. All staff should be aware of the importance of the ethical code and it should be referred to when employee actions are questioned. (d) Promotion of business objectives Codes can be an important element in a company’s strategic positioning. Taking a strong stance on responsibility and ethics and earning a good ethical reputation can enhance appeal to consumers in the same way as producing the right products of good quality can. (e) Conveying values to stakeholders The code is a communications device, not only acting to communicate between partners and staff, but also increasing the transparency of the organisation’s dealings with its stakeholders. 3.1.4 Example of code of ethics The statements that companies include in the codes are as follows The company conducts all of its business on ethical principles and expects staff to do likewise. Employees are seen as the most important component of the company and are expected to work on a basis of trust, respect, honesty, fairness, decency and equality. The company will only employ people who follow its ethical ideals. Customers should be treated courteously and politely at all times, and the company should always respond promptly to customer needs by listening, understanding and then performing to the customer requirements. The company is dedicated to complying with legal or regulatory standards of the industry, and employees are expected to do likewise. The company's relationship with suppliers and subcontractors must be based on mutual respect. The company therefore has responsibilities including ensuring fairness and truthfulness in all of its dealings with suppliers including pricing and licensing, fostering long-term stability in the supplier relationship, paying suppliers on time and in accordance with agreed terms of trade and preferring suppliers and subcontractors whose employment practices respect human dignity. 306 ASSURANCE The company has a responsibility to: foster open markets for trade and investment, promote competitive behaviour that is socially and environmentally beneficial and demonstrates mutual respect among competitors, and refrain from either seeking or participating in questionable payments or favours to secure competitive advantages. A business should protect and, where possible, improve the environment, promote sustainable development, and prevent the wasteful use of natural resources. The company has a responsibility in the community to: respect human rights and democratic institutions, and promote them wherever practicable, recognise government's legitimate obligation to the society at large and support public policies and practices that promote human development through harmonious relations between business and other segments of society, collaborate with those forces in the community dedicated to raising standards of health, education, workplace safety and economic well-being, respect the integrity of local cultures, and be a good corporate citizen through charitable donations, educational and cultural contributions and employee participation in community and civic affairs. 3.2 Professional code of ethics Professional code of ethics is a document which outlines the mission and values of the business or organization, how professionals are supposed to approach problems, the ethical principles based on the organization's core values and the standards to which the professional will be held. Professional codes of ethics apply to the individual behaviour of professionals and are often based on principles, supplemented by guidance on threats and safeguards. 3.2.1 Contents of professional codes The IFAC Code of Ethics in 2009 is a good illustration of how codes not just for accountants but for other professionals are constructed: (a) (b) (c) The Code begins by stating that it reflects the acceptance by the accountancy profession of the responsibility to act in the public interest. The detailed guidance begins with establishment of fundamental principles of ethics. The guide then supplies a conceptual framework that requires accountants to identify, evaluate and address threats to compliance, applying safeguards to eliminate the threats or to reduce them to an acceptable level. 3.2.2 Advantages of professional codes IFAC suggests that requiring use of a principles-based framework rather than a set of specific rules is in the public interest for the following reasons: (a) Codes represent a clear statement that professionals are expected to act in the public interest, and act as a benchmark against which behaviour can be judged. They should thus enhance public confidence in the professions. 307 ASSURANCE (b) Codes emphasise the importance of professionals considering ethical issues actively and seeking to comply, rather than only being concerned with avoiding what is forbidden. (c) ACCA and IFAC codes state that they can be applied internationally. Local differences are not significant. (d) Codes can include detailed guidance, which should assist ethical decision-making. (e) Codes can include explicit prohibitions if necessary. (f) Codes prescribe minimum standards of behaviour that are expected. 3.2.3 Disadvantages of professional codes (a) Professional codes, with their identification of many different situations, can lose focus on key issues. (b) Evidence suggests that some treat codes as a set of rules to be complied with and 'boxticked'. (c) International codes such as the IFAC code cannot fully capture regional variations in beliefs and practice. (d) The value of international codes may be limited by their not being legally enforceable around the world (although ACCA can enforce sanctions against members for serious breaches). (e) Illustrative examples can be interpreted mistakenly as rules to follow in similar circumstances. (f) Giving a lot of illustrative examples in codes may give the impression that ethical considerations are primarily important only when accountants are facing decisions illustrated in the codes. They may downplay the importance of acting ethically when facing decisions that are not clearly covered in the codes. 4 Rules-based and principles-based guidance 4.1 Principles based codes Principles-based codes are guidelines that move away from reliance on detailed, prescriptive rules and relying more on high-level, broadly stated rules or principles to set the standards by which regulated firms must conduct business as well as professional experts must conduct themselves. 4.1.1 Characteristics of principles-based codes They are drafted at a high level of generality, with the intention that they should be overarching requirements that can be applied flexibly to a rapidly changing industry. They contain terms that are qualitative not quantitative They are purposive, expressing the reason behind the rule. They have very broad application to a diverse range of circumstances. The Principles are largely behavioural standards – they are concerned with, for example, the “integrity”, “skill care and diligence” and “reasonable care” with which authorised firms or approved persons conduct and organise their businesses and the fairness with which they treat customers and 308 ASSURANCE manage conflicts of interest. It follows that breach of a Principle must involve an element of fault Breach of the Principles can be sanctioned through public (but not private) enforcement action. 4.1.2. Advantages of principles-based guidance IFAC suggests that requiring use of a principles-based framework rather than a set of specific rules is in the public interest for the following reasons: (a) It places the onus on the professional to consider actively relevant issues in a given situation, rather than just agreeing action with a checklist of forbidden items. It also requires him to demonstrate that a responsible conclusion has been reached about ethical issues. (b) It prevents professionals interpreting legalistic requirements narrowly to get around the ethical requirements. There is an extent to which rules engender deception, whereas principles encourage compliance. (c) It allows for variations that are found in every individual situation. Each situation is likely to be different. (d) It can accommodate a rapidly changing environment, such as the one in which auditors are. (e) It can include examples to illustrate how the principles are applied. 4.1.3 Disadvantages of principles-based guidance (a) As ethical codes cannot include all circumstances and dilemmas, accountants need a very good understanding of the underlying principles. (b) A principles–based code can be difficult to enforce legally, unless the breach of the code is blatant. Most are therefore voluntary and perhaps therefore less effective. 4.2 Rules-based codes 4.2.1 Meaning of rule-based codes Rules-based codes set those guidelines in the form of detailed rules. It is therefore very specific but also very complicated because many rules are needed to cover the numerous situations accountants face when discharging their duties. 4.2.2 Characteristics of a rules-based approach 309 ASSURANCE (a) Emphasis on achievements Rules-based systems place more emphasis on definite achievements rather than underlying factors and control systems. (b) Compulsory compliance Rules-based approaches allow no leeway. The key issue is whether or not you have complied with the rules. There is no flexibility for different circumstances, for organisations of varying size or in different stages of development. (c) Visibility of compliance It should in theory be easy to see whether there has been compliance with the rules. Comparison between companies should be straightforward. However that depends on whether the rules are unambiguous, and the clarity of evidence of compliance or non-compliance). (d) Limitations of rules Enforcers of a rules-based approach (regulators, auditors) may find it difficult to deal with questionable situations that are not covered sufficiently in the rulebook. This was a problem with Enron. The company kept a number of its financial arrangements off its balance sheet. Although this approach can be seen as not true and fair, Enron could use it because it did not breach the accounting rules then in existence in America. Keeping legislation up-to-date to keep loopholes closed is a reactive and probably costly process. (e) Criminal sanctions Rules-based approaches place great emphasis on obeying the letter of the law rather than the spirit. Serious breaches will be penalised by criminal sanctions. 4.2.3 Limitations of rule-based codes Rules are an integral part of regulation, but they are not a perfect regulatory instrument. All written rules, Principles or standards have the following limitations: Rules are just a “best guess” as to the future. The rule-maker has to anticipate how the rule will be applied in the future: new situations may arise that were not expected/known about when the rule was written, and the rule may be interpreted and applied in ways that were not intended or anticipated by the writer. Rules are never perfectly congruent with their purpose – they are always over-inclusive and under-inclusive. Rules are inevitably either under-inclusive, failing to catch things that the rulemaker might want to catch, and/or over-inclusive, catching things that the rule-maker might not want to catch when applied to particular sets of circumstances. The question is how to minimise (rather than avoid) these problems, and whether it is preferable to exclude conduct that should be included if the objectives are to be served, or to include conduct that should be excluded. Whether a rule is clear or certain depends on shared understandings. Just looking at a rule does not tell us whether it is certain. Saying that a contract requires “consideration” may be clear to a lawyer, but is far from clear to a non-lawyer. Whether or not a rule is “certain” depends not so much on whether it is detailed or general, but whether all those applying the rule (regulator, 310 ASSURANCE regulated firm, court/tribunal) agree on what the rule means. How a rule affects behaviour does not depend solely on the rule. 5 Fundamental principles These principles are designed to ensure that the accountant fulfils the public interest and meets the expectations of society. The fundamental principles are: (a) Professional competence and due care Members have a continuing duty to maintain professional knowledge and skill at a level required to ensure that a client or employer receives competent professional service based on current developments in practice, legislation and techniques. Members should act diligently and in accordance with applicable technical and professional standards when providing professional services. (b) Integrity Members should be straightforward and honest in all business and professional relationships. (c) Professional behaviour Members should comply with relevant laws and regulations and should avoid any action that discredits the profession. (d) Confidentiality Members should respect the confidentiality of information acquired as a result of professional and business relationships and should not disclose any such information to third parties without proper or specific authority or unless there is a legal or professional right or duty to disclose. Confidential information acquired as a result of professional and business relationships should not be used for the personal advantage of members or third parties. (e) Objectivity Members should not allow bias, conflicts of interest or undue influence of others to override professional or business judgements. 6 Ethical threats to compliance with the Fundamental principles for accountants in practice Both IFAC and ACCA identify certain ethical threats to compliance with the Fundamental principles. (1) Self-interest Definition: Financial or other interests of a professional accountant or of an immediate family member inappropriately influence judgement or behaviour 311 ASSURANCE Example: Having a financial interest in a client (2) Self-review Definition: Evaluation of a judgement by the accountant who made the judgement, or a member of the same organisation Example: Auditing financial statements prepared by the firm (3) Advocacy Accountant promoting a position or opinion to the point where objectivity may be compromised Example: Advocating the client's case in a lawsuit (4) Familiarity A close relationship resulting in excessive trust in, or sympathy for, others Example: Audit team member having family at the client (5) Intimidation Accountant not acting objectively because of actual or perceived pressures Example: Threats of replacement due to disagreement 6.1 Ethical safeguards for accountants in practice There are two general categories of ethical safeguard identified in the IFAC and ACCA guidance: Safeguards created by the profession, legislation or regulation Safeguards within the assurance client/the firm's own systems and procedures 6.1.1 Examples of ethical safeguards created by the profession, legislation or regulation Educational training and experience requirements for entry into the profession Continuing professional development requirements Corporate governance regulations Professional standards Professional or regulatory monitoring and disciplinary procedures IFAC issues ethical standards, quality control standards and auditing standards that work together to ensure independence is safeguarded and quality audits are carried out. 6.1.2 Examples of ethical safeguards in the firm's own systems and procedures If ACCA members work for an accountancy practice, the firm should have the following safeguards in in relation to the firm. The firm’s leadership stressing compliance with fundamental principles Leadership of the firm establishing the expectation that employees will act in the public interest Quality control policies and procedures 312 ASSURANCE Documented policies on identification and evaluation of threats and identification and application of safeguards Documented policies covering independence threats and safeguards in relation to assurance engagements Documented internal procedures requiring compliance with fundamental principles Policies and procedures enabling identification of interests and relationships between the firm’s team and clients Policies and procedures to manage reliance on revenue from a single client Using different teams for non-assurance work Prohibiting individuals who are not team members from influencing the outcome of the engagement Timely communication of policies and procedures and appropriate training and education Designating a senior manager to be responsible for overseeing quality control Advising staff of independence requirements in relation to specific clients Disciplinary measures Promotion of communication by staff to senior management of any ethical compliance issue that concerns them There should also be safeguards relating to specific assignments: Involving an additional professional accountant to review the work done or otherwise advise as necessary Consulting an independent third party, such as a committee of independent directors, a professional regulatory body or another professional accountant Rotating senior personnel Discussing ethical issues with those in charge of client governance Disclosing to those charged with governance the nature of services provided and extent of fees charged Involving another firm to perform or re-perform part of the engagement Rotating senior assurance team personnel However if these safeguards are ineffective, the professional accountant may have to seek legal advice or resign. 7 Ethical conflict resolution The IFAC Code states that firms should have established policies to resolve conflict and should follow those established policies. Professional accountants should consider: The facts The ethical issues involved Related fundamental principles Established internal (firm) procedures Alternative courses of action, considering the consequences of each 313 ASSURANCE 7.1 Ethical codes and Kohlberg's guidance One key aim of a principles-based ethical code is in effect to move subjects to levels of reasoning as defined in Kohlberg's framework. The principles are meant to provide ideals towards which ethical decisions should aspire. The emphasis in the code that the examples given are not a comprehensive list of every situation that could be affected by the code indicates the expectation that the code is aiming beyond giving examples of common situations in which individuals follow set behaviour. It is aiming to encourage individuals to make their own ethical judgements. 7.2 Responsibilities to employer and responsibilities as a professional Clearly there is a lot of overlap between an accountant's employment and professional responsibilities. The professional body and (hopefully) the employer would expect the accountant to act with integrity and probity. Both would require the accountant to act with diligence and due care. There may however be conflict in the following areas: (a) Confidentiality Confidentiality may be a major issue. An employer will wish for the employee to respect confidentiality about all sensitive matters both during and after the period of employment. Confidentiality is a professional duty too. However the accountants may, in the public interest, have to report an errant employer to the relevant authorities. (b) Interests served The employer may wish the accountant to put shareholder and commercial interests above all others. The accountant however may believe that a duty is owed to a wider stakeholder group. (c) Organisational vs professional norms Accountants may be said to owe a general duty to 'fit in', be part of a team and behave in ways that are in accordance with the organisational culture of their employer. However as members of a professional accounting body, accountants owe a duty to act in accordance with the norms of that body, including its stress on professional behaviour. These may not be in line with the employer’s culture. (d) Requirement for obedience The employer may require obedience to its wishes even if it appears to conflict with the accountants’ professional duties. Independence and conflicts of interest Independence IFAC lists examples of threats to independence and applicable safeguards. 314 ASSURANCE Independence is most important for accountants acting as auditors and assurance providers for the following reasons: (a) Reliability of financial information Corporate governance reports have highlighted reliability of financial information as a key aspect of corporate governance. Shareholders and other stakeholders need a trustworthy record of directors' stewardship to be able to take decisions about the company. Assurance provided by independent auditors is a key quality control on the reliability of information. (b) Credibility of financial information An unqualified report by independent external auditors on the accounts should give them more credibility, enhancing the appeal of the company to investors. It should represent the views of independent experts, who are not motivated by personal interests to give a favourable opinion on the annual report. (c) Value for money of audit work Audit fees should be set on the basis of charging for the work necessary to gain sufficient audit assurance. A lack of independence here seems to mean important audit work may not be done, and the shareholders are not receiving value for the audit fees. (d) Threats to professional standards A lack of independence may lead to a failure to fulfill professional requirements to obtain enough evidence to form the basis of an audit opinion, here to obtain details of a questionable material item. Failure by auditors to do this undermines the credibility of the accountancy profession and the standards it enforces. Self-interest threat The ACCA Code of Ethics and Conduct highlights a great number of areas in which a selfinterest threat to independence might arise. 8.2.1 Financial interests Financial interests exist where an audit firm has a financial interest in a client's affairs, for example, the audit firm owns shares in the client, or is a trustee of a trust that holds shares in the client. A financial interest in a client constitutes a substantial self-interest threat. According IFAC, the parties listed below are not allowed to own a direct financial interest or an indirect material financial interest in a client: The assurance firm Partners in the same office as the engagement partner (and their immediate families) A member of the assurance team An immediate family member of a member of the assurance team 315 ASSURANCE The following safeguards will therefore be relevant: Disposing of the interest Removing the individual from the team if required Keeping the client's audit committee informed of the situation Using an independent partner to review work carried out if necessary Close business relationships Examples of when a firm and client have an inappropriately close business relationship include: Having a material financial interest in a joint venture with the assurance client Arrangements to combine one or more services or products of the firm with one or more services or products of the assurance client and to market the package with reference to both parties Distribution or marketing arrangements under which the firm acts as distributor or marketer of the assurance client's products or services or vice versa Again, it will be necessary to judge the materiality of the interest and therefore its significance. However, unless the interest is clearly insignificant, an assurance provider should not participate in such a venture with a client. Appropriate safeguards are therefore to end the assurance provision or to terminate the (other) business relationship. Employment with client It is possible that staff might transfer between a firm and a client, or those negotiations or interviews to facilitate such movement might take place. Both situations are a threat to independence: An audit staff member might be motivated by a desire to impress a future possible employer (objectivity is therefore affected) A former partner turned Finance Director has too much knowledge of the audit firm's systems and procedures The extent of the threat to independence depends on various factors, such as the role the individual has taken up at the client, the extent of his influence on the audit previously, the length of time that has passed between the individual's connection with the audit and the new role at the client. Various safeguards might be considered: Considering modifying the assurance plan Ensuring the audit is assigned to someone of sufficient experience as compared with the individual who has left Involving an additional professional accountant not involved with the engagement to review the work done Carrying out a quality control review of the engagement In respect of audit clients, ethical guidance states that a partner should not accept a key management position at an audit client until at least two years have elapsed since the conclusion 316 ASSURANCE of the audit he was involved with. An individual who has moved from the firm to a client should not be entitled to any benefits or payments from the firm unless these are made in accordance with pre-determined arrangements. A firm should have procedures setting out that an individual involved in serious employment negotiations with an audit client should notify the firm and that this person would then be removed from the engagement. Partner on client board A partner or employee of an audit/assurance firm should not serve on the board of an assurance client. It may be acceptable for a partner or an employee of an assurance firm to perform the role of company secretary for an assurance client, if the role is essentially administrative (however don't forget the increased emphasis on the role of the company secretary in governance reports, aiming to enhance the secretary's role to go beyond routine administrative tasks). Family and personal relationships Family or close personal relationships between assurance firm and client staff could seriously threaten independence. Each situation has to be evaluated individually. Factors to consider are: The individual's responsibilities on the assurance engagement The closeness of the relationship The role of the other party at the assurance client When an immediate family member of a member of the assurance team is a director, an officer or an employee of the assurance client in a position to exert direct and significant influence over the assurance engagement, the individual should be removed from the assurance team. The audit firm should also consider whether there is any threat to independence if an employee who is not a member of the assurance team has a close family or personal relationship with a director, an officer or an employee of an assurance client. A firm should have quality control policies and procedures under which staff should disclose if a close family member employed by the client is promoted within the client. Gifts and hospitality Unless the value of the gift/hospitality is clearly insignificant, a firm or a member of an assurance team should not accept it. It clearly threatens objectivity. In addition there may also be an intimidation threat if there is a suggestion that the receipt of the gift will be made public. .2.7 Loans and guarantees The advice on loans and guarantees falls into two categories: The client is a bank or other similar institution Other situations If a lending institution client lends an immaterial amount to an audit firm or member of assurance team on normal commercial terms, there is no threat to independence. If the loan were material it would be necessary to apply safeguards to bring the risk to an acceptable level. A suitable safeguard is likely to be an independent review (by a partner from another office in the firm). 317 ASSURANCE Loans to members of the assurance team from a bank or other lending institution client are likely to be material to the individual, but provided that they are on normal commercial terms, these do not constitute a threat to independence. However an audit firm or individual on the assurance engagement should not enter into any loan or guarantee arrangement with a client that is not a bank or similar institution. 8.2.8 Overdue fees In a situation where there are overdue fees, the auditor runs the risk of, in effect, making a loan to a client, whereupon the guidance above becomes relevant. Audit firms should guard against fees building up and being significant by discussing the issues with the audit committee or others involved in governance, and, if necessary, the possibility of resigning if overdue fees are not paid. 8.2.9 Percentage or contingent fees Contingent fees are fees calculated on a predetermined basis relating to the outcome or result of a transaction or the result of the work performed. Ethical guidelines state that a firm should not enter into any fee arrangement for an assurance engagement under which the amount of the fee is contingent on the result of the assurance work or on items that are the subject matter of the assurance engagement. It would also usually be inappropriate to accept a contingent fee for non-assurance work from an assurance client. 8.2.10 High percentage of fees A firm should be alert to the situation arising where when the total fees generated by an assurance client represent a large proportion of a firm's total fees. Factors such as the structure of the firm and the length of time it has been trading will be relevant in determining whether there is a threat to independence. It is also necessary to beware of situations where the fees generated by an assurance client are a large proportion of the revenue of an individual partner. Safeguards in these situations might include: Discussing the issues with the audit committee Taking steps to reduce the dependency on the client Obtaining external/internal quality control reviews Consulting a third party such as IFAC Ethical guidance states that the public may perceive that a member's objectivity is likely to be in jeopardy where the fees for audit and recurring work paid by one client or group of connected clients exceed 15% of the firm's total fees. Where the entity is listed or public interest, this figure should be 10%. 318 ASSURANCE It will be difficult for new firms establishing themselves to keep within these limits and firms in this situation should make use of the safeguards outlined. 8.2.11 Lowballing When a firm quotes a significantly lower fee level for an assurance service than would have been charged by the predecessor firm, there is a significant self-interest threat. If the firm's tender is successful, the firm must apply safeguards such as: Maintaining records such that the firm is able to demonstrate that appropriate staff and time are spent on the engagement Complying with all applicable assurance standards, guidelines and quality control procedures 8.2.12 Recruitment Recruiting senior management for an assurance client, particularly those able to affect the subject matter of an assurance engagement creates a self-interest threat for the assurance firm. Assurance providers must not make management decisions for the client. Their involvement could be limited to reviewing a shortlist of candidates, providing that the client has drawn up the criteria by which they are to be selected. 8.3 Self-review threat The key area in which there is likely to be a self-review threat is where an assurance firm provides services other than assurance services to an assurance client (providing multiple services). There is a great deal of guidance in the IFAC rules about various other services accountancy firms might provide to their clients, and these are dealt with below. The distinction between listed companies, or public limited companies, and private companies is perceived to be an important issue in the question of providing other services to clients. Public interest companies are those that for some reason (size, nature, product) are in the 'public eye'. Auditors should treat these as if they are listed companies. In the United States the Sarbanes-Oxley rules concerning auditor independence for listed companies state that an accountant is not independent if they provide certain non-audit services to an audit client. The relevant services are: Bookkeeping Financial information systems design and implementation Appraisal or valuation services or fairness opinions Actuarial services Internal audit services Management functions Human resources Broker-dealer services 319 ASSURANCE Legal services 8.3.1 Recent service with an assurance client Ethical guidance focuses on individuals who have been a director or officer of the client, or an employee in a position to exert direct and significant influence over the subject matter information of the assurance engagement in the period under review or the previous two years to the assurance team. If an individual had been closely involved with the client prior to the time limits set out above, the assurance firm should consider the threat to independence arising and apply appropriate safeguards, such as: Obtaining a quality control review of the individual's work on the assignment Discussing the issue with the audit committee 8.3.2 General services For assurance clients, accountants are not allowed to: Authorise, execute or consummate a transaction Determine which recommendations should be implemented Report in a management capacity to those charged with governance Having custody of an assurance client's assets, supervising client employees in the performance of their normal duties, and preparing source documents on behalf of the client also pose significant self-review threats which should be addressed by safeguards. These could be: Ensuring non assurance team staff are used for these roles Involving an independent professional accountant to advise Quality control policies on what staff are and are not allowed to do for clients Making appropriate disclosures to those charged with governance Resigning from the assurance engagement 8.3.3 Preparing accounting records and financial statements There is clearly a significant risk of a self-review threat if a firm prepares accounting records and financial statements and then audits them. On the other hand auditors routinely assist management with the preparation of financial statements and give advice about accounting treatments and journal entries. Therefore, assurance firms must analyse the risks arising and put safeguards in place to ensure that the risk is at an acceptable level. Safeguards include: Using staff members other than assurance team members to carry out work Obtaining client approval for work undertaken The rules are more stringent when the client is listed or public interest. Firms should not prepare accounts or financial statements for listed or public interest clients, unless an emergency arises. 320 ASSURANCE For any client, assurance firms are also not allowed to: Determine or change journal entries without client approval Authorise or approve transactions Prepare source documents 8.3.4 Valuation services A valuation comprises the making of assumptions with regard to future developments, the application of certain methodologies and techniques, and the combination of both in order to compute a certain value, or range of values, for an asset, a liability or for a business as a whole. If an audit firm performs a valuation for which will be included in financial statements audited by the firm, a self-review threat arises. Audit firms should not carry out valuations on matters that will be material to the financial statements. If the valuation is for an immaterial matter, the audit firm should apply safeguards to ensure that the risk is reduced to an acceptable level. Matters to consider when applying safeguards are the extent of the audit client's knowledge of the relevant matters in making the valuation and the degree of judgement involved, how much use is made of established methodologies and the degree of uncertainty in the valuation. Safeguards include: Second partner review Confirming that the client understands the valuation and the assumptions used Ensuring the client acknowledges responsibility for the valuation Using separate personnel for the valuation and the audit 8.3.5 Taxation services The provision of taxation services is generally not seen to impair independence. 8.3.6 Internal audit services A firm may provide internal audit services to an audit client in most jurisdictions, but not in America under Sarbanes-Oxley. However, it should ensure that the client acknowledges its responsibility for establishing, maintaining and monitoring the system of internal controls. It may be appropriate to use safeguards such as ensuring that an employee of the client is designated as responsible for internal audit activities and that the board or audit committee approve all the work that internal audit does. 8.3.7 Corporate finance Certain aspects of corporate finance will create self-review threats that cannot be reduced to an acceptable level by safeguards. Therefore, assurance firms are not allowed to promote, deal in or underwrite an assurance client's shares. They are also not allowed to commit an assurance client to the terms of a transaction or consummate a transaction on the client's behalf. 321 ASSURANCE Other corporate finance services, such as assisting a client in defining corporate strategies, assisting in identifying possible sources of capital and providing structuring advice may be acceptable in jurisdictions other than the USA, providing that safeguards are in place, such as using different teams of staff, and ensuring no management decisions are taken on behalf of the client. 8.3.8 Other services The audit firm might sell a variety of other services to audit clients, such as: IT services Temporary staff cover Litigation support Legal services The assurance firm should consider whether there are any barriers to independence. Examples include the firm being asked to design internal control IT systems, which it would then review as part of its audit, or the firm being asked to provide an accountant to cover the chief accountant's maternity leave. The firm should consider whether the threat to independence could be reduced by appropriate safeguards. Again the rules in America are stricter than elsewhere. 8.4 Advocacy threat An advocacy threat arises in certain situations where the assurance firm is in a position of taking the client's part in a dispute or somehow acting as their advocate. The most obvious instances of this would be when a firm offered legal services to a client and, say, defended them in a legal case or provided evidence on their behalf as an expert witness. An advocacy threat might also arise if the firm carried out corporate finance work for the client, for example, if the audit firm was involved in advice on debt reconstruction and negotiated with the bank on the client's behalf. As with the other threats above, the firm has to appraise the risk and apply safeguards as necessary. Relevant safeguards might be using different departments in the firm to carry out the work and making disclosures to the audit committee. Remember, the ultimate option is always to withdraw from an engagement if the risk to independence is too high. 8.5 Familiarity threat A familiarity or association threat is where independence is jeopardised by the audit firm and its staff becoming over familiar with the client and its staff. There is a substantial risk of loss of professional scepticism in such circumstances. We have already discussed some examples of when this risk arises, because very often a familiarity threat arises in conjunction with a self-interest threat. 8.5.1 Long association of senior personnel with assurance clients Senior members of staff at an audit firm having a long association with a client is a significant threat to independence. All firms should therefore monitor the relationship between staff and established clients and use safeguards to independence such as rotating senior staff off the 322 ASSURANCE assurance team, involving second partners to carry out reviews and obtaining independent (but internal) quality control reviews. 8.6 Intimidation threat An intimidation threat arises when members of the assurance team have reason to be intimidated by client staff. These are also examples of self-interest threats, largely because intimidation may only arise significantly when the assurance firm has something to lose. 8.6.1 Actual and threatened litigation The most obvious example of an intimidation threat is when the client threatens to sue, or indeed sues, the assurance firm for work that has been done previously. The firm is then faced with the risk of losing the client, bad publicity and the possibility that they will be found to have been negligent, which will lead to further problems. This could lead to the firm being under pressure to produce an unqualified audit report when they have been qualified in the past, for example. Generally, assurance firms should seek to avoid such situations arising. If they do arise, factors to consider are: The materiality of the litigation The nature of the assurance engagement Whether the litigation relates to a prior assurance engagement The following safeguards could be considered: Disclosing to the audit committee the nature and extent of the litigation Removing specific affected individuals from the engagement team Involving an additional professional accountant on the team to review work However, if the litigation is at all serious, it may be necessary to resign from the engagement, as the threat to independence is so great. 8.6.2 Second opinions Another way that auditors can suffer an intimidation threat is when the audit client is unhappy with a proposed audit opinion, and seeks a second opinion from a different firm of auditors. In such a circumstance, the second audit firm will not be able to give a formal audit opinion on the financial statements – only an appointed auditor can do that. However, the problem is that if a different firm of auditors indicates to someone else's client that a different opinion might be acceptable, the appointed auditors may feel under pressure to change their opinion. In effect, a self-interest threat arises, as the existing auditor may feel that he will lose next year's audit if he does not change this year's opinion. There is nothing to stop a company director talking to a second firm of auditors about treatments of matters in the financial statements. However, the firm being asked for a second opinion should be very careful, because it is very possible that the opinion they form could be incorrect anyway if the director has not given them all the relevant information. For that reason, firms giving a 323 ASSURANCE second opinion should ensure that they seek permission to communicate with the existing auditor and they are appraised of all the facts. If permission is not given, the second auditors should decline to comment on the audit opinion. Given that second opinions can cause independence issues for the existing auditors, audit firms should generally take great care if asked to provide one anyway. 8.7 Conflicts of interest Audit firms should take reasonable steps to identify circumstances that could pose a conflict of interest. This is because a conflict of interest could result in the ethical code being breached (for example, if it results in a self-interest threat arising). 8.7.1 Conflicts between members' and clients' interests A conflict between members' and clients' interests might arise if members compete directly with a client, or have a joint venture or similar with a company that is in competition with the client. The rules state that members and firms should not accept or continue engagements in which there are, or are likely to be, significant conflicts of interest between members, firms and clients. 8.7.2 Conflicts between the interests of different clients Assurance firms can have clients who are in competition with each other. However, the firm should ensure that it is not the subject of a dispute between the clients. It must also manage its work so that the interests of one client do not adversely affect the other client. Where acceptance or continuance of an engagement would, even with safeguards, materially prejudice the interests of any client, the appointment should not be accepted or continued. Auditors often give their clients business advice unrelated to audit. In such a position, they may well become involved when clients are involved in issues such as share issues and takeovers. Neither situation is inherently wrong for an auditor to be in. With regard to share issues, audit firms should not underwrite an issue of shares to the public of a client they audit. In a takeover situation, if the auditors are involved in the audits of both predator and target company, they must take care in a takeover situation. They should not: Be the principal advisers to either party Issue reports assessing the accounts of either party other than their audit report If they find they possess material confidential information, they should contact the appropriate body or regulator. 8.7.3 Managing conflicts between clients' interests When considering whether to accept a client or when there is a change in a client's circumstances, assurance firms should take reasonable steps to ascertain whether there is a conflict of interest or if there is likely to be one in the future. Relationships that ended two or more years earlier are unlikely to create a conflict. Disclosure is the most important safeguard in connection of conflicts between clients' interests. 324 ASSURANCE Safeguards would usually include: Notifying the client of the interest/activities that may cause a conflict of interest and obtaining their consent to act in the circumstances, or Notifying all known relevant parties that the member is acting for two or more parties in respect of a matter where their respective interests are in conflict, and obtaining their consent so to act, or Notifying the client that the member does not act exclusively for any one client in the provision of proposed services, and obtaining their consent so to act Other safeguards Using separate engagement teams Procedures to prevent access of information (such as special passwords) Clear guidelines for the respective teams on issues of security and confidentiality The use of confidentiality agreements signed by the partners and staff Regular review of the safeguards by an independent partner Advising one or both of the clients to obtain additional independent advice 8.7.4 Individuals’ conflicts of interest Individuals within a firm may also face their own conflicts of interest. These may include conflicts between loyalty and responsibilities to their bosses and to staff who work for them. There may also be conflicts between individuals’ desire to maintain or improve their own position in the firm and a wish to be certain that their ethical stance is correct, for example how far to follow up an audit query. 8 Problems facing accountants in business 8.1 Conflicts between professional and employment obligations Ethical guidance stresses that a professional accountant should normally support the legitimate and ethical obligations established by the employer. However he may be pressurised to act in ways that threaten compliance with the fundamental principles. These include: Acting contrary to law, regulation, technical or professional standards Aiding unethical or illegal earnings management strategies Misleading auditors or regulators Issuing or being associated with a report that misrepresents the facts If the accountant faces these problems he should obtain advice from inside the employer, the IFAC or lawyers, or use the formal procedures within the organisation. 8.2 Preparation and reporting of information As well as complying with financial reporting standards, the professional accountant in business should aim to prepare information that describes clearly the nature of the business transactions, classifies and records information in a timely and proper manner and represents the facts accurately. If the accountant faces pressures to produce misleading information, he should 325 ASSURANCE consult with superiors. The accountant should not be associated with misleading information, and may need to seek legal advice or report to the appropriate authorities. 8.3 Acting with sufficient expertise Guidance stresses that the professional accountant should only undertake tasks for which he has sufficient specific training or experience. Certain pressures may threaten the ability of the professional accountant to perform duties with appropriate competence and due care: Lack of time Lack of information Insufficient training, experience or education Inadequate resources Whether this is a significant threat will depend on the other people the accountant is working with, his seniority and the level of supervision over his work. If the problem is serious, the accountant should take steps to remedy the situation including obtaining training, ensuring time is available and consulting. Refusal to perform duties is the last resort. 8.4 Financial interests Ethical guidance highlights financial interests as a self-interest threat to objectivity and confidentiality. In particular the temptation to manipulate price-sensitive information in order to gain financially is stressed. Financial interests may include shares, profit-related bonuses or share options. This threat can be countered by the individual consulting with superiors and disclosing all relevant information. Having a remuneration committee composed of independent non-executive directors determining the remuneration packages of executive directors can help resolve the problems at senior levels. 8.5 Inducements Ethical guidance highlights the possibility that accountants may be offered inducements to influence actions or decisions, encourage illegal behaviour or obtain confidential information. We cover bribery and corruption in more detail below. Bribery and corruption Impact of bribery and corruption Bribery is the offering, giving, receiving or soliciting of any item of value to influence the actions of an official or other person in charge of a public or legal duty. (Black’s Law Dictionary). Corruption can be defined as deviation from honest behaviour. The purpose of bribery is to influence the conduct of the recipient. A bribe may not be money or a tangible gift. It can be granting a privilege to the recipient. A bribe need not be paid to be 326 ASSURANCE effective. Sometimes a promise or undertaking may be sufficient to influence decision-making and conduct. As well as the payer and the recipient of the bribe, others may be complicit if they know about the bribe and fail to report it, they ignore signs that bribery is taking place or they hold a position of responsibility and fail to take action to prevent bribery. Legislation such as the Bribery Act 2011 in the UK therefore makes commercial organisations liable if their employees pay bribes, unless they take adequate procedures to prevent bribery. Bribery is an example of corruption. Other forms of corruption include the following: Abuse of a system – using a system for improper purposes Bid rigging – promising a contract in advance to one party, although other parties have been invited to bid for the contract Cartel – a secret agreement by supposedly competing producers to fix prices, quantity or market share Influence peddling – using personal influence in government or connections with persons in authority to obtain favours or preferential treatment for another, usually in return for payment. Why bribery and corruption are problems .1 Lack of honesty and good faith Corruption means that someone in a position of authority or responsibility, including corporate governance responsibility, will no longer be acting impartially and in accordance with a position of trust. Bribery encourages others to violate a duty of service. It can also undermine behaviour in other ways. If staff are aware that bribery goes on within their organisation, even if they are not involved in it themselves, then this may undermine attempts by the organisation to impose standards of behaviour. It may also result in an overall lack of trust in what the organisation is doing. .2.2 Conflicts of interest Those taking bribes will face a conflict between their legitimate duties and responsibilities (for example to shareholders), and any personal gains they may make through unethical activities. The personal gains may not be directly in the forms of money or gifts. Involvement by directors in bid rigging for example may generate higher profits for their company, which in turn may enhance their performance bonuses. Further conflicts of interest may also arise if anyone who has participated in corruption is threatened with public exposure. The actions they take to ensure public exposure does not occur may also not be in the interests of their organisation, or those whose interests they should be representing. .2.3 International risk management UK government guidance on the 2011 UK Bribery Act acknowledges that commercial organisations in some parts of the world and in some sectors may come under pressure to pay ‘facilitation payments’ to foreign officials to promote their business ends. However the number 327 ASSURANCE of places where businesses need to pay bribes to conduct business legitimately is debatable. If businesses had effective procedures for assessing and managing risks, then they should probably decide to avoid these places anyway. .2.4 Economic issues Bribery and corruption results in a misallocation of resources. Contracts do not go to the most efficient producer, but the producer that pays the highest bribes. Costs of doing business will increase. Bribery and corruption therefore threaten the basis on which markets are established and the operation of those markets. Participation in economic activity may be less likely if it is felt that bribery or market-rigging make it unlikely that an acceptable return will be achieved for the risks taken. Alternatively if one company is believed to be thriving by offering bribes, other companies may then follow its example and those being bribed may come to expect illicit payments as a matter of course. .2.5 Reputation Those who do business with the organisation, for example suppliers or customers, may cease to do so if they have no confidence in its honesty. Honest staff may decide to leave if they feel that they cannot trust their employer. .3 Measures to combat bribery and corruption Many of the measures we have already discussed will be relevant to combating bribery. Recent legislation in certain countries has put pressure on businesses to introduce sufficient controls. As mentioned above, under the UK Bribery Act, for example, if an employee or associate of a commercial organisation bribes another person, the organisation will be liable if it cannot show that it had adequate procedures in place to prevent bribes being paid. Under previous legislation, a company was only likely to be guilty if senior management was involved. Now however it must demonstrate that its anti-corruption procedures are sufficient to stop any employees, agents or other third parties acting on the company’s behalf from committing bribery. .3.1 Establishing culture The UK guidance highlights the need for board commitment to fight corruption. Directors may seek to establish a commitment against corruption by a formal statement, setting out a zero tolerance policy and spelling out the consequences for employees or managers who transgress. The statement should include an assertion of the benefits of avoidance of corrupt activity (for example maintaining reputation, and customer and business partner confidence). The commitment of the management team should be reinforced by the involvement of senior management in the development and implementation of bribery prevention procedures. As with other areas, communication of the organisation’s procedures and policies, and training in their application, will be very important in helping to establish the culture. Training should include general training on the threat of bribery on induction, and also specific training for those involved in higher risk activities such as purchasing and contracting. However, whilst establishing the right culture is an important part of taking effective action to combat corruption, a culture that is ambiguous or not enforced may adversely affect the success 328 ASSURANCE of other measures. This may occur if managers and staff feel that they are getting mixed messages. They may believe that they are expected to do what it takes to earn sufficient returns in environments where ethical temptations exist, or that ethically dubious conduct will be ignored or implicitly accepted. 3.2 Code of conduct A code of conduct is perhaps the most important element of communication that the UK guidelines stress. As well as being central to communication with employees, a publiclycommunicated code also reassures those doing business with the organisation and can act as a deterrent to misconduct. We have already seen in this chapter the example code of conduct that includes provisions about dealing truthfully with suppliers and refraining from seeking or participating in questionable behaviour to secure competitive advantage. Businesses may decide to issue a separate antibribery code. However there may also be the same issues with an anti-bribery code as a general ethical code, that for example staff do not feel it is relevant to them. This reinforces the need for effective training of staff. 3.3 Risk assessment Identification of circumstances where bribery may be a problem must be built into business risk assessments. Sensitive areas could include the activities of intermediaries or agents or staff within the organisation responsible for hospitality or promotional expenditure. Note the UK guidance stresses that risks may change over time (for example as the business enters new markets) and so may need to be reassessed. A poor internal control environment may also be a factor that contributes significantly to increased risk. .3.4 Conduct of business As the UK guidance states, a strong tone at the top and the ethical code may be undermined by a lack of detailed guidance on the implementation of anti-bribery procedures. Areas where detailed guidance may be required include the extent of due diligence procedures on potential business partners or intermediaries – highlighted as a key area in the UK guidance above. The guidance points out that due diligence is both risk assessment and a means of mitigating risks. Due diligence procedures may be carried out at different levels. They may be at a low level, for example, when contracting for the provision of information services, but at a higher level when a business is obliged to use a local agent in another country or is selecting an intermediary when establishing business abroad. Procedures may include questioning, investigations or general investigation. Appraisal and monitoring should continue once the relationship has been established. Other important areas will include The need for contractual terms with consultants and intermediaries to reflect internal rules and to emphasise zero tolerance of bribery Policies on hospitality and promotional expenditure and charitable and political donations 329 ASSURANCE Procurement and tendering guidelines Differentiation between properly payable fees (for example inspection certificates) and facilitation payments (often bribes) Recruitment and human resource procedures to mitigate the risks that employees in business sensitive areas will become involved in bribery However detailed the procedures, they will not be able to give absolute assurance that corrupt activities will not take place. Staff may misinterpret the requirements, or may encounter ethically dubious situations not covered by the guidance. They may assume that conduct not forbidden by the guidance is legitimate. There is also the issue that detailed guidance is meant to ensure compliance with the law. In many countries the law is not entirely clear. The US Chamber of Commerce, for example, has criticised American law for prohibiting bribery in some circumstances but not others, although critics have claimed that the evidence supporting this claim is thin. 10.3.5 Reporting of transactions and whistleblowing Ethical guidance points out that threats to compliance may appear to arise not only from the accountant making or accepting the inducement, but from the offer having been made in the first place. It recommends that directors or senior managers be informed, and disclosure may have to be made to third parties. An organisation’s guidance should make it clear that managers and staff should seek guidance about, and disclose, any activities that are questionable. Guidance on whistleblowing procedures should also make clear that they extend to reporting suspicions of bribery and corruption. Staff should also have the opportunity to make suggestions for improvement of bribery prevention procedures. 10.3.6 Monitoring As part of their regular monitoring of risk management, the board should receive reports on compliance with internal procedures such as due diligence on agents and details about questionable behaviour that has been discovered. The UK guidance makes clear that monitoring the systems designed to prevent bribery is an important element of the board’s overall monitoring of internal control systems and consideration of whether systems need to be improved as the risk environment changes. Events that may result in changes to systems include changes of government, reports of bribery or other negative press coverage. 9 The accountancy profession and the public interest 9.1 Professions and professionalism 9.1.1 Profession The theory and skills are acquired by a structured training process, validated by examination and maintained through continuing professional education. Values underpin the professional’s actions. For example the medical profession is underpinned by the principle of the sanctity of life. The common code of values and conduct should be independently administered by a governing body. 330 ASSURANCE The skills and values enhance the weight of a professional’s judgement. They are what the professional holds himself out to have by virtue of calling himself an accountant (for example) and belonging to a professional institute. In return for accepting a duty to society, members of a profession are allowed privileges, for example being able to practise certain activities or to use a title. A profession is based on a body of theory and skills, adherence to a common code of values and conduct, and acceptance of a duty to society as a whole. 1.2 Professionalism and professional behaviour IFAC's code of ethics defines professionalism in terms of professional behaviour. Professional behaviour imposes an obligation on professional accountants to act in the public interest. They should comply with relevant laws and regulations and avoid any action that may bring discredit to the profession. Professional behaviour is one of the fundamental principles that we discussed earlier this chapter, and professional behaviour in a wider sense would include compliance with the other four ethical principles. Professionalism can also be seen as a state of mind, a concern to take action in the public interest and sometimes to lead public opinion, for example in developing guidance on reporting. In marketing themselves and their work, professional accountants should not bring the profession into disrepute. They should avoid making exaggerated claims for their own services, qualifications and experience and should not refer to others disparagingly. Accountants may also have other professional responsibilities depending on the roles they hold, for example responsibilities as company directors. An ACCA survey in 2005 produced a wider definition of professionalism. The survey suggested that the most important competencies for modern professionals were: Maintaining confidentiality and upholding ethical standards Preparing financial information Complying with legal and regulatory requirements Interpreting financial statements Communicating effectively Preparing financial statements Problem-solving and managerial skills Professionalism is also important when dealing with professional colleagues, particularly if the individual is a senior member of the organisation. As leaders senior accountants should aim to work well with other team members, and deal appropriately with concerns they raise about the work they are doing. They should also look to set an example to junior staff. 11.2 The public interest 331 ASSURANCE The public interest is considered to be the collective well-being of the community of people and institutions the professional accountant serves, including clients, lenders, governments, employers, employees, investors, the business and financial community and others who rely on the work of professional accountants. (IFAC) IFAC comments that an accountant's responsibility is not exclusively to satisfy the needs of an individual client or employer. It extends to society, and often consists of supplying information that society needs. One fundamental problem with the debate about accountants acting in the public interest is the lack in most jurisdictions of a robust definition of what the public interest is that is backed by enforcement mechanisms. Within UK law for example there is no statutory definition of the public interest. As one critic, Lovell, comments 'Its malleability possibly explains both its longevity and its unreliability in a court of law.' Critics of the view that accountants act in the public interest have focused on the alleged closeness between accountants' definition of the public interest and the profession's own selfinterest. Critics have claimed that accountants' insistence on self-regulation indicates where their priorities lie. Some believe that the accountancy profession has always been vulnerable to this charge. Lee's history of the accountancy profession in the nineteenth century comments: 'The most obvious feature of early UK professionalisation is the pursuit by accountants and their institutions of economic self-interest in the name of a public interest'. 11.3 Influence of the accountancy profession on organisations That the influence of the accountancy profession is potentially huge can be established simply by considering all the different involvements that accountants have: Financial accounting Audit Management accounting Consulting Tax Public sector accounting Accountants’ advice will also be crucial in situations of change, where accountants are advising on the financial and information systems aspects of new developments. 11.4 The accountancy profession in society At one level the numbers included within accounts can have a number of impacts: (a) Mechanistic issues are where the accounts are used to judge the performance of a company or its directors in line with a regulation or contract. Examples are company borrowing limits which are frequently defined as a multiple of share capital and reserves and directors' bonus schemes that are based on some proportion of reported profits. 332 ASSURANCE (b) Judgemental issues are where the figures in the accounts influence the judgement of their users. The accounts may influence not just the view of investors, but governments seeking to assess what a reasonable tax burden would be and employees determining their wage claims. 11.5 Accountancy as a value-laden profession Critics of the accountancy profession claim that the work done and the conclusions drawn by accountants are determined by a set of beliefs and values that imply a particular view of how power and wealth should be distributed in society. Accountants, it is claimed, believe that precedence should be given to the interests of suppliers of financial capital. Many accountants would argue in response that the numbers in accounts support no cause and it is for others to draw conclusions on the figures produced. If pressed they might argue that they are following the requirements of laws or of their clients. However the laws may be ethically suspect and following the requirements of clients' argument does not support ideas of accountants' independence, or, worse, leads to the suspicion that accountants are pursuing ethically dubious courses. Even if the ends are not explicitly ethically suspect, much accounting literature does assume that accountants are producing information for individuals or corporations seeking to maximise their personal wealth. If this has a moral justification, it is based on the ideas of liberal economic democracy. These ideas are that individuals should be free to exercise their economic choices and are equally able to do so. No group in society dominates either economically or politically. The result of the individual pursuit of economic benefit is economic efficiency, maximum profits and economic growth, and everyone within society being better off. 11.5.1 Criticisms of liberal economic democracy Critics have claimed that the model of liberal economic democracy is far from reality and has various flaws. By providing the information that supports the present systems, accountants are complicit in perpetuating its flaws. (a) Lack of equality One significant criticism is that individuals are not equal economically and are evidently not able to make economic choices that will benefit themselves. The argument that people make a rational economic choice to be homeless is clearly wrong. Accountants are therefore accused of supporting those who can make economic choices and by doing so perpetuate social inequality, ensure wealth continues to be distributed amongst the already wealthy, and suppress minorities and the disenfranchised and powerless. (b) Role of institutions A related criticism is that individuals do not exercise the real power but institutions – principally the government and corporations. Indeed critics point to many instances of governments acting 333 ASSURANCE to protect the interests of shareholders and the information rights of the financial community against less well-off groups in society. Marxist arguments take this viewpoint to its furthest conclusion, arguing that power is held by capital, that capital and labour are inevitably in conflict and that the state acts to protect capital and suppress labour. Accountants too are complicit in this. (c) Failure to increase social welfare The argument that the pursuit of individual self-interest leads to maximum social welfare appears tenuous. Even if wealth is maximised, there is no guarantee that all aspects of social welfare will be maximised. Indeed some aspects of social welfare such as quality of life or health would not seem to have an obvious link with maximising income. In addition maximisation of wealth does not imply that wealth will be fairly distributed. Critics have claimed that economic growth has been at the expense of a widening gap between rich and poor, both within developed countries and between developed countries and the third world. (d) Environmental problems Critics such as the 'deep ecologists' have claimed that the pursuit of growth has been at the expense of environmental degradation and that society needs to change its priorities. By aiding the promotion of economic growth, accountants are complicit in supporting activity that harms the environment. (e) Ethical viewpoint Some critics have gone back to ethical theories outlined earlier and have claimed accountants are complicit in a version of utilitarianism with the economic ends justifying the means rather than another (preferable) ethical position. 11.6 Criticisms of the accountancy profession Inevitably perhaps it has been the critics of the accountancy profession who have been most vocal in highlighting the influence of accounting in resource allocation, seeking to demonstrate its complicity in wealth distribution and its role as the agent of capital. 11.6.1 Accountants in management accounting Puxty also argues that Foucault's ideas about the way in which regimes of power have grown and been sustained through disciplinary mechanisms and the institution of norms for human behaviour.' are very relevant to the role of the accountancy profession. 11.6.2 Accountants and financial accounting Unsurprisingly accountants have been criticised in similar terms for the picture published financial accounts give and the support they provide to capital markets. Prem Sikka argues that many accountants 'believe that mobilising accounting and auditing practices in support of markets and financial capital (held by shareholders) is ethically acceptable but mobilising accounting to give visibility to poverty and institutionalised exploitation is somehow unethical…Accounting and auditing practices remain preoccupied with prioritising capital over labour (in the income statement) and the property rights (in the statement of financial position). Most accounting books have little to say about social justice or the rights of employees.' 334 ASSURANCE For example Professor Sikka and others proposed expanding the level of disclosures in accounts in the early 1990s to include disclosures of low pay. This proposal was made at a time when the Labour party was pressing for the introduction of the minimum wage. Sikka and others have emphasised the idea that accountancy decisions inevitably have political consequences and that it is difficult to see how accountants could hold positions that are not influenced by wider values. However one criticism of their view is that accountants are not free to determine their own stance, and that instead they are constrained by politicians' attitudes expressed in legislation. 9.6.3 Accountants and taxation advice Prem Sikka and others have also criticised accountants for being complicit in their clients paying less than their ‘fair’ share of tax. In some cases accountants have been found guilty of helping clients evade tax and duly punished. However some critics seem to suggest that accountants should not be involved in helping their clients legally avoid tax. Again however the question arises whether accountants should base their advice on the law, or upon some sort of notion as to what a fair tax liability is. 9.7 Acting against the public interest Criticism of the accountancy profession has extended to the rules that it follows. Critics have argued that the rules: (a) (b) (c) (d) Are too passive, allowing too great a variety of accounting treatments, and failing to impose meaningful responsibilities on auditors such as an explicit responsibility to detect and report fraud Emphasise the wrong principles, giving priority to client confidentiality over disclosure in the wider public interest, and teaching accountants to follow rules rather than question them Allow auditors to establish a long-term, cosy relationship with clients by the failure to require compulsory rotation of auditors and allowing auditors to provide non-audit services, rather than forcing auditors to maintain a distance Allow the creation of too small a number of large firms who dominate the audit of major listed companies and therefore can effectively set the agenda as regards scope of audit work (although arguably it is only large firms that can audit the very biggest companies) Arguably these views depend to some extent on hindsight, the implication being that as auditors and governance structures have failed to identify corporate malpractice, there must be something wrong with the rulebook that is being followed. However we've seen how the fallout from the Enron case influenced the development of the stricter Sarbanes-Oxley rules in the United States. Partly this was due to Enron appearing in a number of ways to 'tick the right boxes'. It had a good number of non-executive directors on its board with a strong range of experience for example. End of chapter questions 335 ASSURANCE a) As a professional, a practitioner has to abide by professional code of ethics. Required: discuss the advantages and disadvantages that come with professional codes in general. b) Explain the fundamental principles that a practitioner must abide by in order to competently meet the expectations of society and public interest. c) Discuss the threats that are there in practice in relation to compliance with fundamental principles for professionals. ANSWERS TO END OF CHAPTER QUESTIONS Chapter 1 1. a. Elements of an engagement Three party relationship Subject matter Suitable criteria Sufficient appropriate evidence Written report 1. b. It is not appropriate to give a reasonable assurance because of the following limitations: The practitioners do not oversee the process of building the financial statements from start to finish. The accounting systems on which assurance providers may place a degree of reliance also have inherent limitations. Most assurance evidence is persuasive rather than conclusive. Practitioners use samples to test some of the subject matters. There may be collusion between staff . Assurance provision can be subjective and professional judgements have to be made. Assurance providers rely on the responsible party and its staff to provide correct information, which in some cases may be impossible to verify by other means. Some items in the subject matter may be estimates and are therefore uncertain. It is impossible to conclude absolutely that judgemental estimates are correct. 2. Benefits of an engagement An assurance provides an independent, professional verification on the subject matter. It may give additional confidence to other parties ( for example the audit report may give confidence to other users such as banks) The availability of independent checks may prevent errors, or fraud to be committed and also reduce the risk of management bias. It ensures that high quality, reliable information exist within an organization, leading to investor increased trust and confidence in the company’s information It helps boost stakeholders’ perception toward the organization’s attitude towards the environment and its stakeholders. 336 ASSURANCE Chapter 2 1. Reliability of evidence The following factors or generalisations can be made when assessing the reliability of engagement evidence: The reliability of engagement evidence is increased when it is obtained from independent sources outside the entity. The reliability of evidence which is generated internally is increased when the related controls, including those over its preparation and maintenance, imposed by the entity are effective. Evidence obtained directly by the practitioner is more reliable than evidence obtained indirectly or by inference. Evidence in documentary form, whether paper, electronic or other medium, is more reliable than evidence obtained orally. Evidence provided by original documents is more reliable than evidence provided by photocopies or facsimiles, the reliability of which may depend on the controls over their preparation and maintenance. 2. Engagement documentation Provides evidence of the practitioner’s basis for a conclusion about the achievement of the overall objective of the engagement. Provides evidence that the engagement was planned and performed in accordance with ISAEs and applicable legal and regulatory requirements. Assists the engagement team to plan and perform the engagement. Assists members of the engagement team responsible for supervision to direct, supervise and review the engagement work. Enables the engagement team to be accountable for its work. Retains a record of matters of continuing significance to future engagements. 3. Importance of audit planning It helps the auditor to devote appropriate attention to important areas of the audit. It helps the auditor to identify and resolve potential problems on a timely basis. It helps the auditor to properly organise and manage the audit engagement so that it is performed in an effective and efficient manner. It assists in the selection of engagement team members with appropriate levels of capabilities and competence to respond to anticipated risks and the proper assignment of work to them. It facilitates the direction and supervision of engagement team members and the review of their work. It assists, where applicable, in the coordination of work done by experts. Chapter 3 337 ASSURANCE 1.a - auditor is needed to express an opinion on the truth and fairness of financial statements. – 1.b – An auditor of a limited company may be appointed by (1) the directors, (2) members/shareholdoers or (3) the registrar of companies 1.c Rights of an Auditor includes: Right to access at all times to the books, accounts, vouchers or documents of the company. Right to require from directors, employees of the company any information which the auditor thinks necessary. Right to receive notices and attend meetings and to report on any matters concerning him/her as an auditor. Right to make a report on findings including failure of the directors to provide him with information and explanation which he deems necessary. Right to be heard when making a presentation during a meeting (etc) 2.a Powers and duties of an auditor To make a report to the members or shareholders on all financial statements laid before members in an annual general meeting. To state in his/her report whether accounts comply with the requirements of the Act and that they show a true and fair view in his/her opinion To report if proper accounting records have been kept. To report if proper returns from branches not visited by the auditor have not been received. To report if financial statements are not in agreement with the books of accounts. To consider if any information in the Director’s report is inconsistent with the accounts and to report any such instances. To investigate (this is an implied duty) if there are indications that material errors and fraud have occurred. 2.b Rights of an auditor Right to access at all times to the books, accounts, vouchers or documents of the company. Right to require from directors, employees of the company any information which the auditor thinks necessary. Right to receive notices and attend meetings and to report on any matters concerning him/her as an auditor. Right to make a report on findings including failure of the directors to provide him with information and explanation which he deems necessary. Right to be heard when making a presentation during a meeting 338 ASSURANCE Right to a reasonable remuneration. Right to a lien. (A lien is right to hold or keep somebody’s property until that somebody settles a debt) Right to receive correct information Chapter 4 1 To review internal controls system, risk management framework and governance processes with an aim of providing assurance that the three are effective and efficient, and giving advice on how to improve operations. 2 In relation to review of financial controls and financial statements. 3 False. Non accountants may also be qualified internal auditors 4 Financial statements that include: Statement of financial position, Statement of comprehensive income, Statement of cash flow, Statement of changes in equity and notes to accounts. Chapter 5 One The key risk arising from the above information is that trade receivables will not be carried at the appropriate value in the financial statements, as some may be irrecoverable. Where receipts are not matched against invoices in the ledger, the balance on the ledger may include old invoices that the customer has no intention of paying. It is difficult to assess at this stage whether this will be material. Trade receivables are likely to be a material balance in the financial statements, but the number of irrecoverable balances may not be material. Analytical procedures, for example, to see if the level of receivables has risen year-on-year, in a manner that is not explained by price rises or levels of production, might help to assess this. A key factor that affects the likelihood of the material misstatement arising is the poor controls over the sales ledger. The fact that invoices are not matched against receipts increases the chance of old invoices not having been paid and not noticed by Sparks. It appears reasonably likely that the trade receivables balance is overstated in this instance. Two In total, Baker's profit for the year has increased by 87% which appears at odds with the revenue figure, which has only increased by 12% in comparison to the previous year. This may indicate that revenue has been inflated or incorrect cut-off applied, especially given the fact that the directors of Baker have described the year as ‘challenging'. 339 ASSURANCE Revenue has increased overall by 12% but cost of sales has fallen by 12% – we would expect an increase in revenue to be matched by a corresponding increase in cost of sales. Again this may indicate incorrect allocation of revenue in order for the bank to look favourably on the company and increase its overdraft facility. It could also indicate an error in the valuation of closing inventory. The gross profit has increased by 28% compared to the previous period. The audit will need to focus on this change which is significant, focusing on the revenue and costs of sales figures to establish the reasons for the increase. Administration expenses have fallen in comparison to the previous year (decrease of 16%) which is unusual given that revenue has increased by 12%. We would expect an increase in costs to be in line with the increase in the revenue figure. This could indicate that expenses may be understated through incorrect cut-off or incorrectly capitalising expenditure which should be written off to the statement of profit or loss for the year. A similar issue applies to selling and distribution costs which have fallen by 8% – they have not increased as expected in line with revenue. There could be legitimate reasons for the change but this area needs to be investigated further during the audit fieldwork stage. Interest payable has stayed in line with the previous year (increase of 2%). This figure can be verified easily during the audit fieldwork by inspecting bank statements and other relevant documentation from the bank. Three a) (a) Quality of audit evidence (i) Evidence originated by the auditors This is in general the most reliable type of audit evidence because there is little risk that it can be manipulated by management. Examples (1) Analytical procedures, such as the calculation of ratios and trends in order to examine unusual variations (2) Physical inspection or observation, such as attendance at inventory counts (3) Reperformance of calculations making up figures in the accounts, such as the computation of total inventory values (ii) Evidence created by third parties Third party evidence is more reliable than client-produced evidence to the extent that it is obtained from independent sources. Its reliability will be reduced if it is obtained from sources which are not independent, or if there is a risk that client personnel may be able to and have reason to suppress or manipulate it. Examples (1) Circularisation of trade receivables or payables, confirmation of bank balances. 340 ASSURANCE (2) Reports produced by experts, such as property valuations, actuarial valuations, legal opinions. In evaluating such evidence, the auditors need to take into account the expert's qualifications, independence and the terms of reference for the work. (3) Documents held by the client which were issued by third parties, such as invoices, price lists and statements. These may sometimes be manipulated by the client and so are less reliable than confirmations received directly. (iii)Evidence created by management The auditors cannot place the same degree of reliance on evidence produced by client management as on that produced outside the company. However, it will often be necessary to place some reliance on such evidence. The auditors will need to obtain audit evidence that the information supplied is complete and accurate, and apply judgement in doing so, taking into account previous experience of the client's reliability and the extent to which the client's representations appear compatible with other audit findings, as well as the materiality of the item under discussion. Examples (1) The company's accounting records and supporting schedules. Although these are prepared by management, the auditors have a statutory right to examine such records in full: this right enhances the quality of this information. (2) The client's explanations of, for instance, apparently unusual fluctuations in results. Such evidence requires interpretation by the auditors and, being oral evidence, only limited reliance can be placed upon it. (3) Information provided to the auditors about the internal control system. The auditors need to confirm that this information is accurate and up-to-date, and that it does not simply describe an idealised system which is not adhered to in practice. (b) General considerations in evaluating audit evidence Audit evidence will often not be wholly conclusive. The auditors must obtain evidence which is sufficient and appropriate to form the basis for their audit conclusions. The evidence gathered should also be relevant to those conclusions, and sufficiently reliable to form the basis for the audit opinion. The auditors must exercise skill and judgement to ensure that evidence is correctly interpreted and that only valid inferences are drawn from it. Certain general principles can be stated. Written evidence is preferable to oral evidence; independent evidence obtained from outside the organisation is more reliable than that obtained internally; and evidence generated by the auditors is more reliable than that obtained from others. Four Materiality for Baker limited is 5% of profit before tax because it is a profit oriented entity. Overall Materiality is therefore K15m (performance materiality is (75% of overall materiality, K11.25m 341 ASSURANCE Materiality for Child rights trust is 1% of total expenses because it is not a profit oriented entity and the key business objective is not to make profits but to spend on child development activities. The appropriate benchmark is therefore total expenditure. Overall Materiality is therefore K11.5m (performance materiality is (75% of overall materiality, K8.625m 1. Substantive audit procedures 2. Documentation 3. Internal Controls Five It is important to document audit work in relevant audit work papers in order to Enable reporting partner to ensure all planned work has been completed adequately Provide details of work done for future reference Assist in planning and control of future audits Encourage a methodical approach Six Engagement letter Financial Statements Accounts Checklist Board minutes Management letter New client engagement questionnaire Audit planning Memorandum Accounting system notes Current audit file ( ) Permanent file ( ) Chapter 7 1.0 Example enquiries include Are there any changes areas that required a lot of subjective judgement? Are there are any new commitments, borrowings or guarantees Have any assets been sold or destroyed Have any new shares/debentures have been issued Have there been any developments in risky areas 342 ASSURANCE Have there been any unusual accounting adjustments Have there been any major events in the period? 2.0 The responsibilities are as follows Management are required to make an assessment of an entity's ability to continue as a going concern. Auditors are responsible for assessing the reasonability of management’s assessments and the assessment used. The auditor will therefore perform the following procedures o Discussing the assumptions used in management’s going concern assessment o Requesting that an assessment be done by management if it has not already been done. o Evaluate whether management’s assessment covers the minimum required period of 12 months from the date of assessment. o Evaluating management plans in response to any going concern problems identified by them The statement is true Chapter 8 (a) ISA 705 Modifications to the opinion in the independent auditor's report suggests that the auditor may need to modify the opinion under one of two main circumstances: i) The auditor concludes that the financial statements as a whole are not free from material misstatements, or ii) �The auditor cannot obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement. For both circumstances there can be two 'levels' of modified opinion: i) Material but not pervasive, where the circumstances prompting the misstatement or possible misstatement are material. These circumstances will result in a qualified opinion. ii) Material and pervasive to the overall view shown by the financial statements, i.e. the financial statements are or could be misleading. These will result in an adverse opinion (financial statements are misstated) or a disclaimer of opinion (the auditor is unable to obtain sufficient appropriate audit evidence). (b) Whether a -modification of the audit opinion would be required in the circumstances described would depend on whether or not the auditors considered either of them to be material to the financial statements as a whole. An item is likely to be considered material in the context of a company's financial statements if its omission, misstatement or non-disclosure would prevent a proper understanding of those statements on the part of a potential user. i) Loss of records relating to direct labour costs for assets in the course of construction .The loss of records supporting one of the asset figures in the statement of financial position would cause a limitation in scope of the auditor's work because the auditor 343 ASSURANCE would be unable to obtain sufficient appropriate audit evidence. The K10,000 represents 29.4% of the expenditure incurred during the year on assets in course of construction but only 6% of total additions to non-current assets during the year and 1.5% of the year-end net book value for on-current assets. The total amount of K10, 000 represents 10% of pre-tax profit but, as in relation to asset values; the real consideration by the auditor should be the materiality of any over- or under-statement of assets resulting from error in arriving at the K10, 000 rather than the total figure itself. Provided there are no suspicious circumstances surrounding the loss of these records and the total figure for additions to assets in the course of construction seems reasonable in the light of other audit evidence obtained, and then it is unlikely that this matter would be seen as sufficiently material to merit any modification of the audit opinion. If other records have been lost as well, however, it may be necessary for the auditor to comment on the directors' failure to maintain proper books and records. (ii) Development cost debited to the statement of profit or loss The situation here is one of misstatement in the financial statements, since best accounting practice as laid down by IAS 38 requires that development costs should be taken to the statement of comprehensive income over the useful life of the product to which they relate. This departure from IAS 38 does not seem to be justifiable and would be material to the reported pre-tax profits for the year, representing 25% of that figure. While this understatement of profit would be material to the financial statements, it is not likely to been seen as pervasive and therefore a qualified opinion would be appropriate. (c) Qualified audit opinion extract Basis for qualified opinion .As explained in note ... development costs in respect of a potential new product have been deducted in full against profit instead of being spread over the life of the relevant product as required by IAS 38; the effect of so doing has been to decrease profits before and after tax for the year by K25, 000. Qualified opinion In our opinion, except for the effects of the matter described in the Basis for Qualified Opinion paragraph, the financial statements present fairly, in all material respects, (or give a true and fair view of) the financial position of Eastern Engineering Inc. as at March 31, 20X4, and (of) its financial performance and its cash flows for the year then ended in accordance with International Financial Reporting Standards. Chapter 9 1. PFI is financial information based on assumptions about events that may occur in the future and possible actions by an entity. It is highly subjective in nature and its preparation requires the exercise of considerable judgment. PFI can be in the form of a forecast, a projection or a combination of both, for example, a one year forecast plus a five year projection 344 ASSURANCE 2. Guidance on PFI engagements is provided by – International Standard on Assurance Engagements 3400. This standard gives guidance on the key considerations for such engagements. 3. The following matters should be considered before accepting appointment for a PFI engagement a. The intended use of the information. The use will provide an indication of the level of risk involved in the transaction for which the information is being provided. ; b. Whether the information will be for general or limited distribution; General distribution leads to more risk due to many users having the potential for using the information in order to make business decisions. Where use is limited the risk is likewise limited. c. The nature of the assumptions, that is, whether they are best-estimate or hypothetical assumptions; the type of assumptions determines the level of accuracy in the assumptions made. Best estimates can be more scientific and easier to confirm and corroborate than merely hypothetical assumptions which subject to more variation. d. The elements to be included in the information determines the level of complexity involved in preparing the financial information and the complexity required to examine and review the information; and The period covered by the information. The shorter the period the more accurate the assumptions and forecasts made. The longer the period, the less reliable the information will be. Chapter 10 a) To appraise the risk management process and provide assurance as to its efficiency and effectiveness. b) Strategic risks c) Financial risk d) To provide assurance on effectiveness and efficiency of risk management. Chapter 11 a) Accountability, transparency, responsibility and fairness b) Agency and stewardship Agency involves the transfer of capital from shareowners through the board to the control of managers. Managers are the ones that use capital from shareowners to achieve the objectives of the company. In this case, managers act as agents of shareowners through the board. On the other hand, stewardship refers to the directors’ role as guardians of the company’s assets. The shareowners, through the board, delegate authority to management and entrust the board to act on their behalf. 345 ASSURANCE c) Benefits of good corporate governance improves access to external financing, lowers the cost of capital, improves financial and operational performance, increases company valuation, and reduces risks of corporate crises. Chapter 12 1. The control environment, which is the foundation for the other components of internal control, provides discipline and structure by setting the tone of an organization and influencing control consciousness. Factors to consider in assessing the client’s control environment include: Integrity and ethical values, such as management’s actions to eliminate or mitigate incentives and temptations on the part of personnel to commit dishonest, illegal, or unethical acts, policy statements, and codes of conduct Commitment to competence, including management’s consideration of competence levels for specific tasks and how those levels translate into necessary skills and knowledge. Board of directors or audit committee participation, including interaction with internal and external practitioners Management’s philosophy and operating style, such as management’s attitude and actions regarding financial reporting, as well as management’s approach to taking and monitoring risks The entity’s organizational structure Assignment of authority and responsibility, including fulfilling job responsibilities Human resource policies and practices, including those relating to hiring, orientation, training, evaluating, counseling, promoting, and compensating employees 2. An entity’s risk assessment for financial reporting purposes is its identification, analysis, and management of risks pertaining to financial statement preparation. Accordingly, risk assessment may consider the possibility of executed transactions that remain unrecorded. The following internal and external events and circumstances may be relevant to the risk of preparing financial statements that are not in conformity with generally accepted accounting principles (or another comprehensive basis of accounting): Changes in operating environment, including competitive pressures New personnel that have a different perspective on internal control Rapid growth that can result in a breakdown in controls 346 ASSURANCE Corporate restructuring that might result in changes in supervision and segregation of job functions 3. Control activities are the policies and procedures management has implemented in order to ensure that directives are carried out. Control activities that may be relevant to a financial statement audit may be classified into the following categories: Category Control Activity 1 Performance reviews Compare actual performance with budgets, forecasts, and prior period results. 2 Information processing Controls relating to information processing are generally designed to verify accuracy, completeness, and authorization of transactions. Specifically, controls may be classified as general controls or application controls. General controls might include controls over data center operations, systems software acquisition and maintenance, and access security; Application controls apply to the processing of individual applications and are designed to ensure that transactions that are recorded are valid, authorized, and complete 3 Physical controls 4 Segregation duties This involve adequate safeguards over the access to assets and records, include authorization for access to computer programs and files and periodic counting and comparison with amounts shown on control records of This is designed to reduce opportunities that allow any person to be in a position to both perpetrate and conceal errors or fraud in the normal course of his or her duties, involves assigning different people the responsibilities of authorizing transactions, recording transactions, and maintaining custody of assets 4. The practitioner should obtain sufficient knowledge about the information system relevant to financial reporting. The information system generally consists of the methods and records established to record, process, summarize, and report entity transactions and to 347 ASSURANCE maintain accountability of related assets, liabilities, and equity. Communication involves providing an understanding of individual roles and responsibilities pertaining to internal control over financial reporting. 5. Monitoring is management’s process of assessing the quality of internal control performance over time. Accordingly, management must assess the design and operation of controls on a timely basis and take necessary corrective actions. Monitoring include activities such as separate evaluations, the use of internal practitioners, and the use of communications from outside parties (e.g., complaints from customers and regulator comments). 6. There is a direct relationship between objectives and components. This results from the fact that objectives are what an entity strives to achieve, while components are what an entity needs to achieve the objectives. It is also important to remember that internal control is relevant not only to the entire entity, but also to an entity’s operating units and business functions. 7. IT provides potential benefits of effectiveness and efficiency for internal control because it enables the entity to: Consistently apply predefined rules and perform complex calculations in processing large volumes of transactions or data. Enhance the timeliness, availability, and accuracy of information. Facilitate the additional analysis of information. Enhance the ability to monitor the performance of the entity’s activities and its policies and procedures. Reduce the risk that controls will be circumvented. Enhance the ability to achieve effective segregation of duties by implementing security controls in applications, databases, and operating systems. 8. IT poses the following specific risks to internal control: Reliance on inaccurate systems or programs Unauthorized access to data that may result in destruction of data or improper alterations to data. Unauthorized changes to master files Unauthorized changes to systems or programs Failure to make necessary changes to systems or programs Inappropriate manual intervention Potential loss of data 348 ASSURANCE 9. Ordinarily, a combination of the following procedures is used in obtaining a sufficient understanding of internal control: Previous experience with the client Review of client – prepared documents such as policies, manuals and organizational charts Inquiry of appropriate client personnel Observation of client activities Reference to prior year working papers 10. These are tests directed towards the design or operation of an internal control to assess its effectiveness in preventing or detecting material misstatements in a financial statement assertion. Inquiry of company personnel, inspection of client documents and records, observation of client activities, and re-performance of controls represent some of the procedures used in performing tests of controls. In performing tests of controls, the practitioner seeks answers to the following questions: Who performed the control? When was the control performed? How was the control performed? Was the control consistently applied? What is the relationship between the assessed level of control risk and substantive testing? Since the practitioner’s determination of the nature, extent, and timing of substantive tests is dependent on detection risk, the assessed level of control risk must be considered in conjunction with inherent risk Chapter 13 (i) Pressures from environmental legislation The early response of organisations to environmental issues was largely reactive, with the majority merely complying with, and not attempting to exceed, the requirements of regulations. Apparently the amount of environmental legislation in many countries worldwide has increased, and controls are likely to continue to be tightened in the future, companies do not only have to meet existing legislative requirements, but to look ahead and anticipate future developments. In addition, legislation is increasingly phrased so that there is the responsibility of organisations continuously to review and monitor their production processes and technology on environmental grounds. 349 ASSURANCE (ii) Environmental liabilities and insurance costs Organisations naturally look for insurance to protect themselves against potential liabilities, including environmental liabilities. Organisations pay a premium to insure themselves against the potential costs of environmental damage arising from their operations, for example, the costs of remediation from pollution incidents such as oil spills. (iii) Investment decisions to buy facilities Major companies are becoming aware of the massive potential risks involved in acquiring land, which has already been contaminated, or acquiring a business that has a poor environmental performance. Costs associated with ground remediation, that is, rectifying any damage which may have been caused by pollution, and the capital cost of potential compensation claims for past mistakes can easily outweigh any financial advantage of an acquisition. (iv) Allows detailed investigation of specific issues Environmental audits should naturally identify areas of weakness; in fact, they are designed and implemented specifically to achieve this objective. An initial review of an organisation or site may reveal particular issues that require further investigation, and the organisation may then decide to undertake an audit with the specific objectives of concentrating on a particular topic, such as waste, energy, water use or packaging. (v) Corporate image and marketing opportunities Many organisations have realised that there is real value in presenting a responsible stance towards the environment. Increasing public awareness of environmental issues and resulting consumer pressure means that companies which present an “environmentally friendly” image may be able to obtain a market advantage. (vii) Learning from past accidents A number of companies have caused environmental incidents that have triggered the step-change towards greater environmental management. That company directors in the UK, for example, can be put into prison for breaches of some parts of environmental law is also an incentive for managers to consider environmental issues more coherently. In addition, the immediate threat is normally not triggering an environmental audit, but an environmental programme as the type of environmental misbehaviour is then quite obvious, which is often followed up by an audit to verify progress. Chapter 14 Definitions Value for money can be defined as using resources in the best way in order to achieve planned results. Economy means acquiring resources of appropriate quality and quantity at the lowest cost. Efficiency refers to using resources in such a way that they produce the greatest possible amount of output. Effectiveness means using resources in such a manner as to achieve desired objectives. 350 ASSURANCE b) Examples of assessment criteria Item Economy Efficiency Effectiveness Human resource function criteria Cost of recruitment Time taken to recruit Recruiting right staff (in time) Procurement function criteria Cost and quality of goods/services Time taken to procure goods/service Procuring fit for purpose goods/service (in time) Chapter 15 a) Ethics is a branch of philosophy that studies the difference between right and wrong. Simply stated, ethics refers to standards of behaviour that tell us how human beings ought to act in the many situations in which they find themselves-as friends, parents, children, citizens, businesspeople, teachers, professionals, and so on. b) Any two branches of ethics include: i) Deontological ethics. These are those ethics that place emphasis on the decision or action itself. They place emphasis on the motivations, principles, or ideals underlying the decision or action rather than being concerned with the outcomes or consequences of that decision or action. This reasoning is founded on the desirability of principle (usually duties or rights) to act in a given situation. ii) Teleological ethics. These are ethics that base moral judgement on the outcomes of a decision or action. If the outcomes of an action are considered to be positive, or give rise to benefits, then that action is held to be morally right. Conversely, if the outcome causes harm, then the action is held to be morally wrong. The judgement of right or wrong depends on the consequences of the decision or action. c) Theories of ethics in literature include the following: i) Virtue theory. In this theory, the eemphasis is on deciding what sort of person one should try to be, and to define the virtues such a person would embody. You decide what makes a good person, instead of what makes a good action, and act accordingly. ii) Social contract theory. This theory advises one to think about ethics as embodying a set of rules agreed upon by reasonable people to bring order to social living. As such, when making an ethical decision one asks themselves “what rule would reasonable, unbiased people agree to? One then follow such rules, regardless of whether they benefit them in particular situations. Chapter 16 a) Personal ethics refers to the ethics that a person identifies with in respect to people and situations that they deal with in everyday life. Contrary to this, professional ethics refers to the ethics that a person must adhere to in respect of their interactions and business dealings in their professional life. b) An ethical dilemma is a situation in which an individual or group is faced with a decision that tests the code or moral system that evaluates what is right and what is wrong. Many 351 ASSURANCE of these dilemmas are simple to recognize and resolve. For example, have you ever been tempted to call your boss to report a fake bed rest when you are to attend a job interview elsewhere. Temptation like this will test your personal ethics. c) Importance of personal ethics i) Maintenance of clients’ confidence. The nature of accountants’ work puts them in a special position of trust in relation to their clients, employers and general public, who rely on their professional judgment and guidance in making decisions. These decisions in turn affect the resource allocation process of an economy. The accountants are relied upon because of their professional statues and ethical standards. Thus, the key to maintaining confidence of clients and the public is professional and ethical conduct. ii) Support fiduciary relationship. Accountants render professional services such as assurance and taxation service to clients for a fee as well as to employers if employed. Both of these cases are fiduciary relationships. In such a relationship, they have the responsibility to ensure that their duties are performed in conformity with the ethical values of honesty, integrity, objectivity, due care, confidentiality, and the commitment to the public interest before one’s own. Thus, accountants, as professionals, are expected to maintain a level of ethical conduct that goes beyond society’s laws. This has made the professional accounting bodies to develop a code of professional conduct, which sets rules or standards that define right from wrong to ensure that members’ behaviour complies with perceived public expectations of ethical standards. iii) Help to develop moral sensitivity on technical issues. How accountants have been involved with large corporate scandals in recent times reflects that they have not complied with the expected ethical standards. It is often argued that accountants’ focus too much on technical issues and lack ethical sensitivity to recognise ethical dilemmas involved with their work, which would ultimately lead to making wrong decisions. Thus, accountants should be trained to be sensitive to identify the moral dimension of seemingly technical issues. The ‘Framework for International Education Standards for Professional Accountants’ (2009) published by International Accounting Education Standards Board (IAESB) of IFAC supports this notion. This framework emphasises the need to include ethics education as a core component of professional accounting education to prepare the accounting professionals to face various ethical dilemmas that they face in carrying out their duties. Chapter 17 a) Advantages and disadvantages of professional codes. Advantages of professional codes i) Codes represent a clear statement that professionals are expected to act in the public interest, and act as a benchmark against which behaviour can be judged. They should thus enhance public confidence in the professions. ii) Codes emphasise the importance of professionals considering ethical issues actively and seeking to comply, rather than only being concerned with avoiding what is forbidden. 352 ASSURANCE iii) ACCA and IFAC codes state that they can be applied internationally. Local differences are not significant. iv) Codes can include detailed guidance, which should assist ethical decision-making v) Codes can include explicit prohibitions if necessary. vi) Codes prescribe minimum standards of behaviour that are expected. Disadvantages of professional codes vii) Professional codes, with their identification of many different situations, can lose focus on key issues. viii) Evidence suggests that some treat codes as a set of rules to be complied with and 'box-ticked'. ix) International codes such as the IFAC code cannot fully capture regional variations in beliefs and practice. x) The value of international codes may be limited by their not being legally enforceable around the world (although ACCA can enforce sanctions against members for serious breaches). xi) Illustrative examples can be interpreted mistakenly as rules to follow in similar circumstances. xii) Giving a lot of illustrative examples in codes may give the impression that ethical considerations are primarily important only when accountants are facing decisions illustrated in the codes. They may downplay the importance of acting ethically when facing decisions that are not clearly covered in the codes. b) The fundamental principles are: i) Professional competence and due care. Members have a continuing duty to maintain professional knowledge and skill at a level required to ensure that a client or employer receives competent professional service based on current developments in practice, legislation and techniques. Members should act diligently and in accordance with applicable technical and professional standards when providing professional services. ii) IntegrityMembers should be straightforward and honest in all business and professional relationships. iii) Professional behaviourMembers should comply with relevant laws and regulations and should avoid any action that discredits the profession. iv) ConfidentialityMembers should respect the confidentiality of information acquired as a result of professional and business relationships and should not disclose any such information to third parties without proper or specific authority or unless there is a legal or professional right or duty to disclose. Confidential information acquired as a result of professional and business relationships should not be used for the personal advantage of members or third parties. v) Objectivity Members should not allow bias, conflicts of interest or undue influence of others to override professional or business judgements. c) Threats that are there in practice in relation to compliance with fundamental principles include: 353 ASSURANCE i) Self-interest. Financial or other interests of a professional accountant or of an immediate family member inappropriately influence judgement or behaviour. Example: Having a financial interest in a client ii) Self-review. Evaluation of a judgement by the accountant who made the judgement, or a member of the same organisation. Example: Auditing financial statements prepared by the firm. iii) Advocacy. Accountant promoting a position or opinion to the point where objectivity may be compromised. Example: Advocating the client's case in a lawsuit. iv) Familiarity. A close relationship resulting in excessive trust in, or sympathy for, others. Example: Audit team member having family at the clien. v) Intimidation. Accountant not acting objectively because of actual or perceived pressures. Example: Threats of replacement due to disagreement. 354 ASSURANCE ASSURANCE ASSURANCE ASSURANCE THE INSTITUTE OF CHARTERED ACCOUNTANTS IN MALAWI Institute of Chartered Accountants in Malawi Stansfield House Haile Selassie Road P.O. Box 1 Blantyre Tel: 01 820 301/318/423 Fax: 01 822 354 Email: icam@icam.mw Website: www.icam.mw ASSURANCE
